Hi,
I am having issues firing a rule to check deletion of files:
<rule id="553" level="7">
  <category>ossec</category>
  <decoded_as>syscheck_deleted</decoded_as>
  <description>File deleted. Unable to retrieve checksum.</description>
  <group>syscheck,</group>
</rule>
I overwrite this rule in local_rules.xml as:
<rule id="553" level="7" overwrite="yes">
  <category>ossec</category>
  <decoded_as>syscheck_deleted</decoded_as>
  <description>File deleted. Unable to retrieve checksum.</description>
  <group>syscheck,</group>
</rule>
Do I need to make some changes in the ossec.conf file as well, or
something else, to get an alert on file deletion?
Please help... I am stuck on this part and couldn't find any good
info for this on the internet.
Thanks
Ajay