I think it may still have issues, but I haven't had a chance to test it yet. Having duplicate entries in the syscheck db might be the big problem. Beyond this you could probably turn on the alert on new files option and create a rule for it. And possibly create a rule to ignore the syscheck stuff you don't want to deal with in /application. But I think this would still require you knowing what's in /application. Alerting on new files could give you the notification you aren't currently getting when your systems are changed.
On Thu, Oct 14, 2010 at 10:32 AM, ItsMikeE <[email protected]> wrote:
> Just re-read your original response, which I now realise I had
> misunderstood.
> Will test this out and report back.
>
> On Oct 14, 3:13 pm, "dan (ddp)" <[email protected]> wrote:
>>
>> If I'm correct, then my original suggestion attempts to do this. I
>> still don't know if it will work. Trying to work around crazy rarely
>> does.
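
An added configuration sketch of the two ideas in the reply above (alerting on new files, and silencing unwanted syscheck noise under /application); it is not from the thread. It assumes the syscheck in question is OSSEC's and uses the stock syscheck rule IDs 550-554; the rule ID 100210 and the subdirectory /application/cache are hypothetical placeholders.

```xml
<!-- Manager-side ossec.conf: have syscheck report files it has not seen before. -->
<ossec_config>
  <syscheck>
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>

<!-- local_rules.xml -->
<group name="local,syscheck,">

  <!-- Stock rule 554 ("File added to the system.") ships at level 0,
       so it never alerts. Overwrite it with a level that does. -->
  <rule id="554" level="7" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
    <group>syscheck,</group>
  </rule>

  <!-- Silence checksum-change alerts (550-552) for one noisy subtree.
       554 is deliberately not listed, so new files there still alert.
       /application/cache is a hypothetical path; 100210 is a hypothetical ID. -->
  <rule id="100210" level="0">
    <if_sid>550, 551, 552</if_sid>
    <match>/application/cache</match>
    <description>Ignore expected changes under /application/cache.</description>
  </rule>

</group>
```

As the reply notes, choosing what to match in the ignore rule still requires knowing what lives in /application.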
