Currently I have this set up as a local OSSEC installation. Of course, when we go live this will be in a central/agent config. However, we don't have agentless implemented and have no immediate plans to do so (as an SSH key implementation would be strongly recommended, which is a bridge we have not come to yet).

On Dec 7, 12:34 am, "tanishk lakhaani" <[email protected]> wrote:
> Else, I think u can consider implementing agentless monitoring on the Remote
> Linux box. Agentless Version of the OSSEC has 4 plugins (pls check the same
> on the site), one of which helps u in implementation of the same.
>
> Regards
> Tanishk
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Joe Gedeon
> Sent: Tuesday, December 07, 2010 3:24 AM
> To: [email protected]
> Subject: Re: [ossec-list] OSSEC report_changes
>
> If you have a rule set up to alert when files are changed the changes
> will also be shown in the alert.
>
> On Mon, Dec 6, 2010 at 16:17, jplee3 <[email protected]> wrote:
> > Hey guys,
> >
> > Is there a specific command or flag in agent_control or
> > syscheck_control that will display the actual changes to a file where
> > report_changes was set to "yes" ?
> >
> > Or do I just have to go into the "/var/ossec/queue/diff/local/*"
> > directory and view the changed files myself?
> >
> > Thanks!
>
> --
> Registered Linux User # 379282
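
An added example, not written by anyone in this thread and not OSSEC project code: a short Python script that pulls the changed file and its "What changed:" diff out of syscheck alerts, which is where the quoted reply says the changes show up. The alert text is a constructed sample and its layout is an assumption modeled on OSSEC's alerts.log; `syscheck_changes` is a hypothetical helper name.

```python
import re

# Constructed sample, laid out like OSSEC's alerts.log (assumed format).
SAMPLE_ALERTS = """\
** Alert 1291681020.1024: mail  - ossec,syscheck,
2010 Dec 06 16:17:00 testbox->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/hosts.allow'
Size changed from '120' to '141'
What changed:
3a4
> sshd: 192.0.2.10

** Alert 1291681080.2048: - syslog,sshd,
2010 Dec 06 16:18:00 testbox->/var/log/secure
Rule: 5715 (level 3) -> 'SSHD authentication success.'
Dec  6 16:18:00 testbox sshd[411]: Accepted password for admin from 192.0.2.10 port 50022 ssh2

** Alert 1291681140.3072: mail  - ossec,syscheck,
2010 Dec 06 16:19:00 testbox->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/usr/bin/passwd'
Size changed from '27000' to '27512'
"""

PATH_RE = re.compile(r"^Integrity checksum changed for: '(.+)'$", re.M)


def syscheck_changes(log_text):
    """Return [(path, diff_or_None)] for each syscheck change alert."""
    results = []
    # Each alert starts on a line beginning with "** Alert".
    for block in re.split(r"\n(?=\*\* Alert )", log_text):
        m = PATH_RE.search(block)
        if not m:
            continue  # not a syscheck change alert
        # The diff, when present, runs from the marker to the end of the alert.
        _, marker, diff = block.partition("What changed:\n")
        results.append((m.group(1), diff.strip() if marker else None))
    return results


if __name__ == "__main__":
    for path, diff in syscheck_changes(SAMPLE_ALERTS):
        print(path)
        print(diff if diff else "(no diff included in this alert)")
```

On a default install the alerts file is /var/ossec/logs/alerts/alerts.log; pass its contents to `syscheck_changes` in place of the sample.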
