Trying to include filesystem integrity alert diffs. Testing with /etc.
I have verified that both ossec.conf on the server and /var/ossec/etc/shared/agent.conf have 'report_changes=yes' for /etc. The /var/ossec/queue/diff/local/etc/fstab folder includes the diff file on the client. The alert triggers, but the diff is not included with the alert. Is there some other hidden setting I need to look for? Does ossec.conf on the server need to match agent.conf on the client?
