I see this and what I am understanding is I would get an alert if new files were created correct? I would also like an alert if files were deleted and by who.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jason 'XenoPhage' Frisvold Sent: Wednesday, February 23, 2011 12:51 PM To: [email protected] Subject: Re: [ossec-list] File and folder monitoring -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/23/2011 01:12 PM, Chad Hammond wrote: > How do I setup file and folder monitoring on a directory? > > Any help with this would be greatly appreciated. Add a syscheck section to your ossec.conf and/or agent.conf file : <syscheck> <frequency>7200</frequency> <auto_ignore>no</auto_ignore> <alert_new_files>yes</alert_new_files> <directories check_all="yes">/etc</directories> <syscheck> > Chad Hammond - -- - --------------------------- Jason 'XenoPhage' Frisvold [email protected] - --------------------------- "Any sufficiently advanced magic is indistinguishable from technology." - - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lVzAACgkQ8CjzPZyTUTQ1NgCgpcXbhIpIvSRYT0yfnMqF1tzB nkMAoKL1DDux85mdiM/RQfl9fuk5jisV =IQFp -----END PGP SIGNATURE----- Chad Hammond Systems Administrator Northland Group 7831 Glenroy Rd Edina, MN 55439 Direct 952-837-0625 -------------------------------------------------------------------------- THIS MESSAGE, INCLUDING ANY ATTACHMENTS, IS CONFIDENTIAL AND PROPRIETARY, AND MAY CONTAIN PRIVILEGED INFORMATION. IF YOU HAVE RECEIVED THIS TRANSMISSION IN ERROR, PLEASE NOTIFY THE SENDER BY RETURN E-MAIL AND DELETE THIS MESSAGE FROM YOUR SYSTEM. ANY UNAUTHORIZED USE OF THIS MESSAGE, IN WHOLE OR IN PART, IS STRICTLY PROHIBITED. PLEASE NOTE THAT EMAILS ARE SUSCEPTIBLE TO TAMPERING. NORTHLAND GROUP, INC. SHALL NOT BE LIABLE FOR THE IMPROPER OR INCOMPLETE TRANSMISSION OF THE INFORMATION CONTAINED IN THIS COMMUNICATION, NOR FOR ANY DELAY IN ITS RECEIPT OR DAMAGE TO YOUR SYSTEM. NORTHLAND GROUP, INC. DOES NOT GUARANTEE THAT THE INTEGRITY OF THIS COMMUNICATION HAS BEEN MAINTAINED, NOR THAT THIS COMMUNICATION IS FREE FROM VIRUSES, INTERCEPTIONS OR INTERFERENCE
