On Tue, Sep 2, 2014 at 1:10 PM, Bonnie Beeler <[email protected]> wrote: > What code? If ossec is supposed to monitor file changes, why wouldn't it > tell you the time the file changed. Am I missing something. It is one other > field to add to the report. Why isn't this done? >
Here's the deal. I don't have a way to verify the Windows behavior, so I assumed you knew what you were doing when you posted. If it's not doing "the right thing," then the code (source code can be found on github: https://github.com/ossec/ossec-hids) would probably have to change. Make the changes, and submit a pull request. > On Tuesday, September 2, 2014 7:55:30 AM UTC-4, dan (ddpbsd) wrote: >> >> On Fri, Aug 29, 2014 at 5:42 PM, Bonnie Beeler <[email protected]> wrote: >> > When I run syscheck_control -i on a specific agent it is displaying the >> > incorrect time. It is displaying the time the report ran for the Linux >> > boxes and for the Windows boxes it is displaying some random time >> > sometimes >> > time stamped after the time the report runs. >> > >> > >> > >> > The files were modified on 8/28/14 and it is displaying 8/29/14. And >> > when >> > ossec-syscheckd runs it reports that the file changed after the time >> > stamp >> > that the report ran. That definitely isn't possible. >> > >> > So, I am wondering if there is something I can do for it to: write the >> > date >> > modified to the database and then when the report is ran it displays the >> > time the file was modified and not the time the report ran or whatever >> > it is >> > actually displaying. >> > >> >> No, not without modifying the code. >> >> > >> > >> > >> > Thanks, >> > >> > Bon >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
