Hey Kat.. I think agentless monitoring of a remote Linux box can help you do that.. There is a script that alerts you when there is any change in the file. I think that plugin's name is ssh_generic_diff.
Rgds,
Tanishk
Sent from BlackBerry® on Airtel

-----Original Message-----
From: Kat <[email protected]>
Sender: [email protected]
Date: Thu, 5 May 2011 09:00:25
To: ossec-list <[email protected]>
Reply-To: [email protected]
Subject: [ossec-list] rule for logging??

Hi all,
So I have a way to do this using OSSEC to funnel all log-file data to a database (encrypted logfile transmission), but I was wondering if anyone might have an idea for a generic "syslog" rule that would allow you to monitor a file in "syslog" format and just tell analysisd to essentially "alert" on every entry, which allows you to stuff that alert into a DB? The reason for this is to have OSSEC act like both a HIDS and as a centralized log file management tool.. Of course you could reduce the alert level so it does not really "alert" but just drops the record into a database... Thoughts/comments?
-Kat
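As an added example (not part of either message above, and not OSSEC's shipped configuration), the following shows the setup Kat describes: a syslog-format file tailed by the agent, a low-level catch-all rule in local_rules.xml that fires on every line, and the database output that turns each alert into a row. The file path, rule id 100100, the group name, the database host and the credentials are placeholders chosen for illustration.

```xml
<!-- ossec.conf fragment (manager side for database_output, agent or manager for localfile) -->
<ossec_config>
  <global>
    <!-- Default is already 1, stated explicitly so level-1 alerts are not dropped before the DB. -->
    <!-- Placeholder: adjust if your manager uses a different threshold. -->
  </global>

  <alerts>
    <log_alert_level>1</log_alert_level>
  </alerts>

  <!-- Placeholder path: the application log written in syslog format that Kat wants archived. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/myapp/myapp.log</location>
  </localfile>

  <!-- Placeholder DB settings: every alert analysisd raises is inserted here (requires make setdb). -->
  <database_output>
    <hostname>192.0.2.10</hostname>
    <username>ossec</username>
    <password>change-me</password>
    <database>ossec</database>
    <type>mysql</type>
  </database_output>
</ossec_config>

<!-- local_rules.xml fragment: the catch-all rule itself -->
<group name="local,catchall,">
  <!-- Assumed id 100100 (the 100000-119999 range is reserved for local rules).
       Level 1 is the lowest level that still produces an alert; level 0 would be silently ignored.
       no_email_alert keeps the firehose out of everyone's inbox. -->
  <rule id="100100" level="1">
    <regex>.+</regex>
    <options>no_email_alert</options>
    <description>Catch-all: record every syslog-format line for the database</description>
  </rule>
</group>
```

Two caveats a practitioner would want before turning this on. OSSEC evaluates top-level rules from the highest level downward and stops at the first match, so a level-1 catch-all only fires for lines that no other rule has already claimed; those lines are still recorded, just under their own rule id and level, so the database ends up with every entry either way. Second, `<logall>yes</logall>` in `<global>` is the other way to keep every line, but it writes to archives.log rather than through analysisd's alert path, so it does not reach `database_output`; the rule-based approach is what gets each record into the DB.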
