On Fri, Sep 3, 2010 at 1:23 PM, jplee3 <[email protected]> wrote: > Thanks Dan... is there a "got smaller" syscheck alert? Or, if I wanted > to venture into adding something of my own, is there a file syscheck > parameters live? I checked ossec_rules and I see references to > "decoded as" however when I look at the decoder.xml, I don't see > anything regarding "syscheck" >
You'd probably add that type of check in src/syscheckd, but I haven't done much with the source.
