use syscheck on those logs i suppose thats ur best bet
On Thu, 2011-03-24 at 12:26 -0700, Lars Oberg wrote: > Hello, > > How can I configure ossec to alert me if somebody tampers with a log file? > > In other words, I do not want to get alerts anytime something is added > to the log, but I want to get alerts if existing contents in the log > file is modified or deleted. > > Thanks, > Lars >
