On Tue, 2 Aug 2011 08:08:58 -0700 (PDT), Alisha Kloc wrote:
If I could, that's exactly how I'd do it. Unfortunately, like I said,
we are not allowed to clear the logs on these systems - they have to
remain there locally. We can't do anything except read them.
Believe me, I'd love to be able to use your suggestion, because it
would solve this whole issue very quickly. But we're limited to a
strict "look, don't touch" policy...
The only other thing I can think to suggest is to script the diff
locally. So OSSEC could kick off a local script and capture the stdout
or something like that.
-Mike
