Take a look at this - http://www.immutablesecurity.com/index.php/2009/10/26/week-of-ossec-day-2-detecting-new-files/
On Wed, Apr 27, 2011 at 1:57 PM, Maahkus <[email protected]> wrote: > Hi group - OSSEC is used in our environment mainly for File Integrity > Monitoring. We've installed OSSEC locally on each server and the logs > are sent to a centralized logging solution. > > Is there a way that OSSEC can alert when a file is moved or copied in/ > from a particular directory? Currently we are only getting the 1st, > 2nd, 3rd checksum changed alerts as well as file deletes. I'd like to > get an alert on new files also but haven't figured out how. Any ideas > or tips will be greatly appreciated.. > > Thanks!
