I don't have the link handy, but you can search for "command" on ossec.net to find it. You'd basically be looking for the full_command option.
-----Original Message----- From: Jason 'XenoPhage' Frisvold Sent: 09/04/2010 11:25:24 PM Subject: Re: [ossec-list] ossec check_diff and netstat -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sep 2, 2010, at 4:05 PM, reg wrote: > I am trying to track listen port changes on our Linux hosts. I > followed the instructions in Daniel's blog. I got that working, > however I was interested in fine tuning > the setup to try and limit what netstat picks up and reports. Here is > my setup. This sounds interesting.. Can you post a link to the blog entry so I can have a go at this as well? Thanks, - --------------------------- Jason 'XenoPhage' Frisvold [email protected] - --------------------------- "Any sufficiently advanced magic is indistinguishable from technology." - - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAkyDDacACgkQ8CjzPZyTUTQ7EQCfdGox+9OyIexvZX034/IVooXK aH4Anj3L4HETGBRVWt6PXltELLpmbg4Z =HVSd -----END PGP SIGNATURE-----
