Hi, I have been researching this for a few days and cannot find anything. I would like a rule to alert me if a program is not running.
On the agent I added a process monitoring where a command: ps -ef | grep program-name is run. On the server side I have tried creating a rule to send an e-mail out if the output is nothing. Basically if the program is running, that command will output the PID and paths etc, and if not running it will output nothing. I tried using <check_diff/> but the output changes frequently (even though the process keeps running), so we cannot use that as an option. Could someone please point me in the right direction? Thanks, Robert -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
