Ok?
On Wed, Apr 18, 2012 at 9:30 AM, C. L. Martinez <[email protected]> wrote: > I am using windows osec agent on the windows server side .... > > > On Wed, Apr 18, 2012 at 3:27 PM, dan (ddp) <[email protected]> wrote: >> The <localfile> option is for monitoring the contents of a log file. >> How would OSSEC find out about who accesses a file if there are no >> logs telling it that information? (assuming there are no kernel hooks >> or anything to grab that info "off the wire") >> >> On Wed, Apr 18, 2012 at 9:07 AM, C. L. Martinez <[email protected]> wrote: >>> Uhmm I see .. But can monitor these access using <localfile> directive >>> in agent.conf?? >>> >>> On Wed, Apr 18, 2012 at 2:58 PM, dan (ddp) <[email protected]> wrote: >>>> It all depends on the log message. >>>> >>>> On Wed, Apr 18, 2012 at 8:54 AM, C. L. Martinez <[email protected]> >>>> wrote: >>>>> Still I haven't access log ... If I use unc instead of c:\dir\file?? >>>>> like this: \\server1\dir\file ... >>>>> >>>>> Exists another option to monitor/control access to a files and dirs in >>>>> a Windows servers using OSSEC? >>>>> >>>>> >>>>> On Wed, Apr 18, 2012 at 2:42 PM, dan (ddp) <[email protected]> wrote: >>>>>> Is the access attempt logged? Do you have a log sample for user3 >>>>>> trying to access c:\temp\somedir? >>>>>> >>>>>> Also, I think the : in c: might mess with the cdb list... >>>>>> >>>>>> On Wed, Apr 18, 2012 at 8:38 AM, C. L. Martinez <[email protected]> >>>>>> wrote: >>>>>>> Hi all, >>>>>>> >>>>>>> Is it possible to monitor files and directories using cdb lists when >>>>>>> a user tries to access?? For example: user1 has access to dir >>>>>>> c:\temp\somedir and user2 has access to c:\somdir\somefile.txt. If it >>>>>>> is possible to trigger and alert if user3 tries to access to >>>>>>> c:\temp\somedir or c:\somdir\somefile.txt using a cdb list like this: >>>>>>> >>>>>>> c:\temp\somedir:user1 >>>>>>> c:\somdir\somefile.txt:user2 >>>>>>> d:\anotherdir:user1,user2 >>>>>>> >>>>>>> ?? >>>>>>> >>>>>>> Thanks.
