Hi Jorge,
So I guess there in no way to modify this on a live system .You need to recompile and install ossec? Thank you BR On Dec 20, 7:28 pm, Jorge Armando Medina <[email protected]> wrote: > On 12/20/2011 09:07 AM, alsdks wrote: > > > Hello, > > Hello, > > > > > Is there a way to have reportd to not "cutt" long paths , it seems to > > have a max character limitation. > > I was working on this last week, I had to modify the source code for > monitord, I think the file is: src/shared/report_op.c. > > You can test the attached patch for 2.6, I hope it works for you. > > > > > > > > > > > > > For example output of "zcat logs/alerts/2011/Dec/*.gz | bin/ossec- > > reportd -n "Month Summary" 2>" is showing like : > > > Top entries for 'Filenames': > > ------------------------------------------------ > > /etc/utmp |17 | > > /etc/opt/resmon/log/registrar.log |9 | > > /etc/opt/resmon/log/registrar.log.old |6 | > > /etc/security/lastlog |6 | > > /opt/ossec/etc/ossec.conf |6 | > > /var/ossec/etc/ossec.conf |6 | > > HKEY_LOCAL_MACHINE\Security\SAM\Domains\Acco.. |6 | > > HKEY_LOCAL_MACHINE\Software\Microsoft\Window.. |6 | > > HKEY_LOCAL_MACHINE\Software\Microsoft\Window.. |6 | > > HKEY_LOCAL_MACHINE\Software\Microsoft\Window.. |6 | > > HKEY_LOCAL_MACHINE\Software\Policies\Microso.. |6 | > > HKEY_LOCAL_MACHINE\Software\Policies\Microso.. |6 | > > HKEY_LOCAL_MACHINE\System\CurrentControlSet\.. |6 | > > HKEY_LOCAL_MACHINE\System\CurrentControlSet\.. |6 | > > > So from the report it is not possible to see what the full name is . > > In this example it could be anything under HKEY_LOCAL_MACHINE\Software > > \Microsoft\Window... > > > Thank you > > -- > Jorge Armando Medina > Computación Gráfica de México > Web:http://www.e-compugraf.com > Tel: 55 51 40 72, Ext: 124 > Email: [email protected] > GPG Key: 1024D/28E40632 2007-07-26 > GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632 > > ossec-hids-2.6-src-shared-report_op.c.patch > 2KViewDownload > > signature.asc > < 1KViewDownload
