Hello,

We have some questions regarding analysing log files with OSSEC referring 
to the log file requirements in PCI-DSS 10.5.5.

PCI DSS 10.5.5.:
*Use file-integrity monitoring or change-detection software on logs to 
ensure that existing log data cannot be changed without generating alerts 
(although new data being added should not cause an alert).*

To cover this issue we wanted to enable real-time monitoring on our log 
file directories. Unfortunately we are getting this error:
Ignoring flag for real time monitoring on directory: '/data/'

Our servers are based on Ubuntu 10.04, 11.04 and 11.10, all x64 systems. We 
are using OSSEC 2.5 for clients and server. I know, that for real-time 
monitoring the tool inotify-tools must be installed, but unfortunately this 
didn’t resolve the issue.
Do you have any suggestions on how we can make the real-time monitoring of 
growing log files work correctly?

Thank you very much in advance

Regards.

Andreas Lang
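Added illustration (not from the original post, and not OSSEC's own code): OSSEC's syscheck, realtime or scheduled, reports any change to a monitored file, appends included, whereas 10.5.5 only demands an alert when existing log data is altered. The Python check below shows how that distinction can be made for a growing log by recording the file size and the hash of exactly those bytes, then re-hashing only that prefix on the next check; the sample log lines and file names are constructed for the demo.

```python
import hashlib
import os
import tempfile

# Baseline for one log file: its size at the last check and the SHA-256 of
# exactly those bytes.  Re-hashing only that prefix later lets us tell
# "grew" (allowed by PCI DSS 10.5.5) from "changed" or "truncated" (alert).
def take_baseline(path):
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def check_log(path, baseline):
    """Return 'unchanged', 'appended', 'modified' or 'truncated'."""
    size = os.path.getsize(path)
    if size < baseline["size"]:
        return "truncated"          # existing data was removed: alert
    h = hashlib.sha256()
    with open(path, "rb") as f:
        h.update(f.read(baseline["size"]))   # hash only the old prefix
    if h.hexdigest() != baseline["sha256"]:
        return "modified"           # existing data was altered: alert
    return "appended" if size > baseline["size"] else "unchanged"

def demo():
    """Constructed sample: write a log, then append to, edit and truncate it."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "auth.log")  # hypothetical log file
        with open(path, "wb") as f:
            f.write(b"Jan 1 00:00:01 host sshd: Accepted publickey for alice\n")
        base = take_baseline(path)
        results.append(check_log(path, base))      # unchanged
        with open(path, "ab") as f:                # new data added: no alert
            f.write(b"Jan 1 00:00:02 host sshd: Accepted publickey for bob\n")
        results.append(check_log(path, base))      # appended
        with open(path, "r+b") as f:               # overwrite an existing byte
            f.seek(0)
            f.write(b"X")
        results.append(check_log(path, base))      # modified
        with open(path, "wb") as f:                # drop all existing data
            f.write(b"")
        results.append(check_log(path, base))      # truncated
    return results

if __name__ == "__main__":
    print(demo())
```

Note that OSSEC's realtime="yes" flag only takes effect when the agent binary was built with inotify support (the inotify headers must be present at compile time; installing the inotify-tools utilities afterwards does not change an already-built agent).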
