Else, I think u can consider implementing agentless monitoring on the Remote Linux box. Agentless Version of the OSSEC has 4 plugins (pls check the same on the site), one of which helps u in implementation of the same.
Regards Tanishk -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Joe Gedeon Sent: Tuesday, December 07, 2010 3:24 AM To: [email protected] Subject: Re: [ossec-list] OSSEC report_changes If you have a rule set up to alert when files are changed the changes will also be shown in the alert. On Mon, Dec 6, 2010 at 16:17, jplee3 <[email protected]> wrote: > Hey guys, > > Is there a specific command or flag in agent_control or > syscheck_control that will display the actual changes to a file where > report_changes was set to "yes" ? > > > Or do I just have to go into the "/var/ossec/queue/diff/local/*" > directory and view the changed files myself? > > > > Thanks! -- Registered Linux User # 379282
