And just make sure you use the full path of the command, to be safe. So if
it's ethtool - /sbin/ethtool or /usr/sbin/ethtool or whatever.

It should look something like this:

  <localfile>
    <log_format>full_command</log_format>
    <command>/sbin/ethtool eth0 | grep Link</command>
  </localfile>

On Wed, Sep 7, 2011 at 11:40 AM, Jeremy Lee <[email protected]> wrote:

> You wouldn't actually use "sudo" when specifying in the full_command
> directive. OSSEC will run as root, so all you have to do is put the command
> itself in and it will work.
>
>
> On Wed, Sep 7, 2011 at 11:34 AM, Eero Volotinen <[email protected]> wrote:
>
>> 2011/9/7 Jeremy Lee <[email protected]>:
>> > Your intention, though, is to essentially alert you when the link status
>> > changes no? full_command works very well for this purpose. Otherwise, if
>> > you can figure out how to do it with the log file, by all means...
>>
>> Yes, it's important to detect when links go down, up or flap up and
>> down. Anyway, using sudo to run a command without a password looks like
>> a bit of an insecure solution.
>>
>> --
>> Eero
>>
>
>
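
An added example (not part of the original thread or of OSSEC itself): a small Python audit of the advice above. It lists each `<command>` entry in an ossec.conf and reports `sudo` use and programs left to PATH lookup in any pipeline stage, so the `grep` in the sample entry is reported too. The sample configuration is constructed, and `audit_commands` and `check_files` are hypothetical names.

```python
import os
import re
import shlex
import stat

# Constructed sample of an ossec.conf fragment (not taken from a real host).
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <log_format>full_command</log_format>
    <command>/sbin/ethtool eth0 | grep Link</command>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>sudo ethtool eth1</command>
  </localfile>
</ossec_config>
"""

COMMAND_RE = re.compile(r"<command>(.*?)</command>", re.S)

def audit_commands(conf_text, check_files=False):
    """Return a list of (command, [findings]) for every <command> entry."""
    results = []
    for cmd in COMMAND_RE.findall(conf_text):
        cmd = cmd.strip()
        findings = []
        # Every pipeline stage is resolved separately, so inspect each one.
        # (Naive split: a quoted "|" inside an argument is not handled.)
        for stage in cmd.split("|"):
            words = shlex.split(stage)
            if not words:
                continue
            prog = words[0]
            if os.path.basename(prog) == "sudo":
                findings.append("sudo is unnecessary: OSSEC runs the command as root")
            if not os.path.isabs(prog):
                findings.append(f"'{prog}' relies on PATH lookup")
            elif check_files and os.path.exists(prog):
                st = os.stat(prog)
                if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append(f"'{prog}' is not root-owned or is group/world-writable")
        results.append((cmd, findings))
    return results

if __name__ == "__main__":
    for cmd, findings in audit_commands(SAMPLE_CONF):
        print(cmd, "->", findings or "ok")
```

Pass `check_files=True` on the monitored host to also check ownership and write permissions of each absolute path.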
