On Apr 5, 2015 7:03 AM, "Bijesh Maskey" <[email protected]> wrote: > > I have OSSEC Server setup in CentOS and working perfectly fine.. now i want to tune the it. As we already have SIEM server. I would like to disable all the logs except the FIM. I have gone through various documents as FIM only alerts up to 3 changes only via email now i would like to alter only the FIM and nothing else. can anyone guide me or provide a link for me to do require setup. also i couldnt find where shall i configure ossec to notify file chages even though it is greater than 3 changes via email. >
There's an auto ignore option you can set to no to enable email past the third change. > > thanks > regards > bijesh > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
