The one you are running on your switches. I'm using "show config". Actually it might be easier to filter out ntp results.
Any idea why the syslog output is not showing the full changes?

On Wed, Apr 8, 2015 at 15:36 Brent Morris <[email protected]> wrote:

> Yeah, I realized I'm going to get an alert every day for the botnet filter
> license counter too.
>
> Which command are you referring to?
>
>
> On Wednesday, April 8, 2015 at 12:16:22 PM UTC-7, Gaetan Noel wrote:
>
>> Thanks for your help guys.
>>
>> You are right Brett, the alert.log has all the info. The issue I have is
>> with Splunk, everything gets sent via syslog and the event is as I pasted
>> above. For the alert.log here's what I get:
>>
>> *** Alert 1428518183.14013429: - syslog,sshd,recon,*
>> *--*
>> *Rule: 555 (level 7) -> 'Integrity checksum for agentless device
>> changed.'*
>> *ossec: agentless: Change detected:*
>> *1404c1404*
>> *< ntp clock-period 22519145*
>> *---*
>> *> ntp clock-period 22519163*
>> *2806a2807*
>> *> Connection to x.x.x.x closed by remote host.*
>>
>> That script doesn't give me any problem, it seems to work fine. Although
>> I should probably change something so it doesn't alert me for the NTP
>> change. May I ask what command you are running?
>>
>> Thanks,
>> Gaetan
>>
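One way to filter out the NTP results mentioned above before the configuration is compared, as an added example that is not part of the original messages and is not OSSEC's own agentless code. The function names, the pattern list (taken from the two lines in the quoted alert) and the sample captures are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: strip lines that change without any configuration edit,
# then compare two "show config" captures so only real edits raise an alert.

# normalize_config: read a capture on stdin, drop carriage returns left by
# the SSH session and delete the volatile lines seen in the quoted alert.
normalize_config() {
    tr -d '\r' | sed -E \
        -e '/^[[:space:]]*ntp clock-period [0-9]+[[:space:]]*$/d' \
        -e '/^Connection to .* closed by remote host\.[[:space:]]*$/d'
}

# config_changed OLD NEW: print the diff and return 0 when a real change
# remains after normalization; return 1 when the captures are equivalent.
config_changed() {
    old_n=$(mktemp)
    new_n=$(mktemp)
    normalize_config < "$1" > "$old_n"
    normalize_config < "$2" > "$new_n"
    if diff "$old_n" "$new_n"; then rc=1; else rc=0; fi
    rm -f "$old_n" "$new_n"
    return "$rc"
}

# demo: constructed sample captures (not real device output).
demo() {
    d=$(mktemp -d)
    printf 'hostname sw1\nntp clock-period 22519145\nntp server 10.0.0.1\n' > "$d/old"
    # Only the clock-period value and the session banner differ.
    printf 'hostname sw1\nntp clock-period 22519163\nntp server 10.0.0.1\nConnection to x.x.x.x closed by remote host.\n' > "$d/drift"
    # The NTP server was actually edited.
    printf 'hostname sw1\nntp clock-period 22519163\nntp server 10.0.0.2\n' > "$d/edit"
    config_changed "$d/old" "$d/drift" || echo "drift only: no alert"
    config_changed "$d/old" "$d/edit" && echo "real change: alert"
    rm -rf "$d"
}

demo
```

Anchoring the patterns to the whole line keeps an edit such as a changed `ntp server` entry visible in the diff.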
