Hello, Integrity checksum alerts from our ssh_pixconfig_diff only email a few lines of diff followed by "More changes.." Is there anyway to receive the entire diff? I haven't found any.
Also, on a similar topic: Is there anyway to write rules that would trigger based on the conents of that diff? The "ossec" group rules are kind of a black box. I don't know what they are decoding (no log source), so I don't know if I can use ossec-logtest to test. Any ideas?
