Hi,
I am using OSSEC to monitor a particular directory for changes. It's
working wonderfully for all the files in that directory (including files in
sub-directories). I am getting reports on file addition, deletion, etc.
Another thing I would like to have is reports on directory changes
(addition, deletion, rename) and permission changes on a
directory. Currently, OSSEC seems to be reporting these changes only at
the file level. Is that by design, or could I be missing something in the
configuration?
I have added the following items:
<directories check_all="yes" realtime="yes" report_changes="yes">Directory Path</directories>
<alert_new_files>yes</alert_new_files>
The following was added to local rules:
<rule id="100101" level="10">
  <if_sid>554</if_sid>
  <category>ossec</category>
  <decoded_as>syscheck_new_entry</decoded_as>
  <description>File added to the system.</description>
  <group>syscheck,</group>
</rule>
It's working perfectly for files, but there is no alert on directories (add, delete,
rename). Any help or suggestions would be appreciated.
Many thanks.
~ Abhi