Dear Michael, yes, our posts got mixed up. Please see our reply to your original post. Thanks.
On Wednesday, September 19, 2012 5:04:57 PM UTC+2, Michael Starks wrote:
>
> On 19.09.2012 09:43, Andreas Lang wrote:
> > Thank you for your suggestion. But we don’t want to monitor the
> > OSSEC log files. For PCI we have to monitor the normal server and
> > application logs. The requirement is that an alert is generated if a
> > log file is changed. Real time monitoring would do exactly that.
> > Besides, if new entries are added to the log file at the bottom,
> > no alert should be generated.
>
> One of us is confused. :) You can monitor normal system logs for
> nefarious activity *and* get an alert if that file is truncated while
> running.
>
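The requirement discussed in this thread (alert when a log file is changed or truncated, but not when entries are appended at the bottom) can be expressed as an append-only check. The following is an added example, not part of the original messages and not OSSEC code; the function names and the sample log lines are constructed for illustration.

```python
import hashlib
import os
import tempfile


def prefix_hash(path, n):
    """SHA-256 of the first n bytes (read in one go; chunk it for very large logs)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read(n)).hexdigest()


def snapshot(path):
    """Record the current size and a hash of everything written so far."""
    size = os.path.getsize(path)
    return {"size": size, "sha256": prefix_hash(path, size)}


def check(path, prev):
    """Return (status, new_snapshot); 'truncated' and 'modified' warrant an alert."""
    size = os.path.getsize(path)
    if size < prev["size"]:
        status = "truncated"
    elif prefix_hash(path, prev["size"]) != prev["sha256"]:
        status = "modified"  # bytes inside the previously seen range were rewritten
    else:
        status = "appended" if size > prev["size"] else "unchanged"
    return status, snapshot(path)


def demo():
    """Exercise the check on a constructed sample log in a temp directory."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "app.log")
        with open(log, "wb") as f:
            f.write(b"Sep 19 09:43:01 host app: start\n")
        snap = snapshot(log)
        with open(log, "ab") as f:  # normal logging appends at the end
            f.write(b"Sep 19 09:43:05 host app: login ok\n")
        results.append(check(log, snap)[0])
        snap = snapshot(log)
        with open(log, "r+b") as f:  # an old entry is edited in place
            f.seek(7)
            f.write(b"00:00:00")
        results.append(check(log, snap)[0])
        open(log, "wb").close()  # file is truncated
        results.append(check(log, snap)[0])
    return results
```

A log rotation that replaces the file with a shorter one also reports `truncated`, so a real deployment would need to treat expected rotations separately.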
