You should check out the policy auditing feature. This is a part of rootkit check.
If you have rootkit check enabled, configure it to use one of the policy files. you may have to configure the policy file to check for the specific service you want. On Thu, Jun 23, 2011 at 5:00 PM, SystemAli <[email protected]> wrote: > great..i see them getting logged there :) Thank you... > > Secondly ..i need to monitor additional services on the agent, how can id > to that so it oo gets logged on the server ? for eg..failed services like > mail / ftp / sshd etc etc >
