On Thu, Feb 6, 2014 at 3:05 PM, Sean Jackson <[email protected]> wrote:
> These emails come during the morning, and the on-call guys are weary from
> getting them when they come.
>
> Can anyone help me tune OSSEC so they come closer to when changes were made
> (the changes in these examples happened 12-14 hours earlier)?
>

You could try realtime, or reducing the time between scans.

> OSSEC HIDS Notification.
> 2014 Feb 06 04:40:34
>
> Received From: (xxxxxxxxxx) XXX.XX.58.194->syscheck
> Rule: 550 fired (level 7) -> "Integrity checksum changed."
> Portion of the log(s):
>
> Integrity checksum changed for: '/usr/bin/git-check-attr'
> Size changed from '1412976' to '1417808'
> Old md5sum was: '10dfa23bcacb1913419d4ca65a6442e2'
> New md5sum is : 'd59af7c52c919ad764b9a7c6ee9e997a'
> Old sha1sum was: '67ec1ab51b102638a4dbfdda2e5e0e38a29b0a5b'
> New sha1sum is : '9241833f9901325ac39916b95cfa192d24a2cb20'
>
> --END OF NOTIFICATION
>
> OSSEC HIDS Notification.
> 2014 Feb 06 04:40:38
>
> Received From: (xxxxxxxx) XXX.XX.58.194->syscheck
> Rule: 550 fired (level 7) -> "Integrity checksum changed."
> Portion of the log(s):
>
> Integrity checksum changed for: '/usr/bin/git-merge'
> Size changed from '1412976' to '1417808'
> Old md5sum was: '10dfa23bcacb1913419d4ca65a6442e2'
> New md5sum is : 'd59af7c52c919ad764b9a7c6ee9e997a'
> Old sha1sum was: '67ec1ab51b102638a4dbfdda2e5e0e38a29b0a5b'
> New sha1sum is : '9241833f9901325ac39916b95cfa192d24a2cb20'
>
> --END OF NOTIFICATION
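The two options suggested in the reply (realtime monitoring, or a shorter interval between scans), shown as an added example that is not part of the original thread. It is a `<syscheck>` section for the agent's `ossec.conf`; the `/usr/bin` path comes from the alerts above, while the frequency value and the other directory list are assumptions to adapt.

```xml
<!-- Added example (not from the thread): syscheck tuning in ossec.conf on the agent -->
<ossec_config>
  <syscheck>
    <!-- Option 1: shorten the time between full integrity scans.
         The value is in seconds; 7200 (2 hours) is an assumed figure,
         chosen here only to contrast with the 12-14 hour delay reported. -->
    <frequency>7200</frequency>

    <!-- Option 2: realtime monitoring for the directory named in the alerts.
         On Linux this relies on inotify, and realtime applies to
         directories, not to individual files. -->
    <directories realtime="yes" check_all="yes">/usr/bin</directories>

    <!-- Assumed remaining directories, left on the periodic scan only -->
    <directories check_all="yes">/etc,/usr/sbin,/bin,/sbin</directories>
  </syscheck>
</ossec_config>
```

Restart OSSEC on the agent after editing the file so syscheck picks up the new settings.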
