Thanks Dan.

That worked perfectly. 

Now, when we are making manual changes to these TRG files, i.e. editing in 
Notepad, OSSEC detects the integrity change. But when the DB edits these 
triggers (drop and re-create with the same name, different content), no 
integrity change is reported by OSSEC. The realtime option is set on this 
directory:

<directories check_all="yes" restrict=".trg" realtime="yes">C:\Path</directories>

Thanks,

~Abhi

On Wednesday, December 17, 2014 10:58:59 AM UTC-5, dan (ddpbsd) wrote:
>
> On Wed, Dec 17, 2014 at 10:50 AM, Abhi <[email protected]> wrote: 
> > Hi, 
> > 
> > I wanted to monitor all files of type *.trg to make sure we get an alert 
> > each time the integrity of any such file changes within a particular 
> > directory. 
> > For using a wild card like *.trg, should I be using a <localfile> tag, 
> > or a <directory>? 
> > 
> > When I am using a localfile tag, OSSEC prints the following two messages: 
> > 
> > ERROR "unable to open file C:\ Path\*.trg 
> > INFO: File not available, ignoring it: C:\ Path \*.trg" 
> > 
>
> localfiles is for log files to be monitored. 
>
> > and when used with the directory tag, it says "WARN: Error opening 
> > directory: 'C:\Path\*.trg" 
> > 
> > We only want to monitor files of type "trg". Other files in that 
> > directory don't need integrity monitoring. 
> > 
>
> I can't remember if globbing works on Windows or not (I might be 
> thinking of localfiles), but restrict should work. 
> Try something like: 
> <directories check_all="yes" restrict=".trg">C:/path</directories> 
>
> > Please advise. 
> > 
> > Thanks 
> > 
> > ~Abhi 
> > 
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google 
> > Groups "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> > an email to [email protected]. 
> > For more options, visit https://groups.google.com/d/optout. 
>
