If this is documented somewhere I apologize; I can't find it. We are using OSSEC 2.8.1 on Red Hat Linux (some 5.x, some 6.x) and using Logstash to populate Elasticsearch. I've configured OSSEC to output JSON for Logstash. The problem is that neither the size, permissions, nor diffs show up in the JSON output, but they do show up in the alerts log. Since I need those details to be available via Elasticsearch/Kibana, I'm resigned to having to write a script to do it. I see where the copies of the monitored files are stored, but I don't see where the permissions are stored. The permissions on the last-entry file do not match the monitored file. So how do I find the last-entry file's permissions?
Is there any work being done to add the file size/perms/diffs to the JSON output? Thanks, Richard
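The script the post resigns itself to writing would read the text alerts log (where the syscheck details do appear) and emit one JSON document per alert for Logstash. The example below is added here and is not code from the original post or from the OSSEC project. It assumes the OSSEC 2.8 text layout of a syscheck alert: a `** Alert <epoch>.<seq>: - <groups>` header, a date/agent line, a `Rule:` line, `Integrity checksum changed for: '<path>'`, optional `Size changed from '..' to '..'`, `Permissions changed from '..' to '..'`, `Ownership changed from '..' to '..'`, `Group ownership changed from '..' to '..'`, `Old/New md5sum/sha1sum` lines, and a `What changed:` line followed by a unified-style `diff` body. Those line formats are assumptions to be checked against your own alerts.log, and the two alerts in `SAMPLE_ALERTS` are constructed, not captured from a real host.

```python
"""Parse OSSEC 2.8-style syscheck alerts from alerts.log into JSON lines.

Assumed line formats (Size / Permissions / Ownership / 'What changed:') follow
the text layout of OSSEC 2.8 syscheck alerts; verify against a real alerts.log.
"""
import json
import re

# Constructed sample in alerts.log layout: two syscheck alerts from a fictional
# agent. Paths, IPs and hashes are made up for the example.
SAMPLE_ALERTS = """** Alert 1425312345.12345: - ossec,syscheck,
2015 Mar 02 10:00:00 (web01) 10.0.0.11->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
Size changed from '1234' to '1260'
Old md5sum was: 'd41d8cd98f00b204e9800998ecf8427e'
New md5sum is : '098f6bcd4621d373cade4e832627b4f6'
What changed:
20a21
> bob:x:1001:1001::/home/bob:/bin/bash

** Alert 1425312400.12400: - ossec,syscheck,
2015 Mar 02 10:01:00 (web01) 10.0.0.11->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/usr/local/bin/backup.sh'
Permissions changed from 'rwxr-xr-x' to 'rwxrwxrwx'
Ownership changed from 'root' to 'bob'
Old sha1sum was: 'da39a3ee5e6b4b0d3255bfef95601890afd80709'
New sha1sum is : 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'
"""

HEADER_RE = re.compile(r"^\*\* Alert (?P<ts>\d+)\.(?P<seq>\d+): - (?P<groups>[\w,]*)")
SOURCE_RE = re.compile(
    r"^(?P<date>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:\((?P<agent>[^)]*)\) (?P<ip>\S+)|(?P<host>\S+))->(?P<location>\S+)$"
)
RULE_RE = re.compile(r"^Rule: (?P<rule>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>[^']*)'")
FILE_RE = re.compile(r"^Integrity checksum changed for: '(?P<path>.*)'$")
CHANGE_RE = re.compile(
    r"^(?P<field>Size|Permissions|Ownership|Group ownership) changed from "
    r"'(?P<old>[^']*)' to '(?P<new>[^']*)'"
)
HASH_RE = re.compile(r"^(?P<when>Old|New) (?P<algo>md5sum|sha1sum) (?:was|is) ?: '(?P<value>[^']*)'")

# Field names used in the emitted JSON (chosen for this example, not an OSSEC schema).
FIELD_KEYS = {"Size": "size", "Permissions": "perms", "Ownership": "owner", "Group ownership": "group"}


def split_alerts(text):
    """Group lines into one list per alert, starting at each '** Alert' header."""
    blocks = []
    for line in text.splitlines():
        if line.startswith("** Alert "):
            blocks.append([line])
        elif blocks:
            blocks[-1].append(line)
    return blocks


def parse_block(lines):
    """Turn one alert block into a flat dict with the syscheck details pulled out."""
    event = {"changes": {}, "hashes": {}, "diff": None}
    diff_lines = None
    for line in lines:
        if diff_lines is not None:          # everything after 'What changed:' is the diff body
            diff_lines.append(line)
            continue
        if line == "What changed:":
            diff_lines = []
            continue
        m = HEADER_RE.match(line)
        if m:
            event["alert_id"] = f"{m['ts']}.{m['seq']}"
            event["timestamp"] = int(m["ts"])
            event["groups"] = [g for g in m["groups"].split(",") if g]
            continue
        m = SOURCE_RE.match(line)
        if m:                               # agent form '(name) ip->loc' or local 'host->loc'
            event["date"] = m["date"]
            event["agent"] = m["agent"] or m["host"]
            event["agent_ip"] = m["ip"]
            event["location"] = m["location"]
            continue
        m = RULE_RE.match(line)
        if m:
            event["rule"], event["level"] = int(m["rule"]), int(m["level"])
            event["description"] = m["desc"]
            continue
        m = FILE_RE.match(line)
        if m:
            event["path"] = m["path"]
            continue
        m = CHANGE_RE.match(line)
        if m:
            old, new = m["old"], m["new"]
            if m["field"] == "Size":        # keep sizes numeric so Kibana can range-query them
                old, new = int(old), int(new)
            event["changes"][FIELD_KEYS[m["field"]]] = {"old": old, "new": new}
            continue
        m = HASH_RE.match(line)
        if m:                               # keys become old_md5 / new_md5 / old_sha1 / new_sha1
            event["hashes"][f"{m['when'].lower()}_{m['algo'][:-3]}"] = m["value"]
    if diff_lines:
        while diff_lines and not diff_lines[-1].strip():   # drop the blank alert separator
            diff_lines.pop()
        event["diff"] = "\n".join(diff_lines)
    return event


def parse_alerts(text):
    """Parse a whole alerts.log buffer into a list of event dicts."""
    return [parse_block(block) for block in split_alerts(text)]


def to_json_lines(events):
    """One JSON document per line, suitable for the Logstash json_lines codec."""
    return [json.dumps(event, sort_keys=True) for event in events]


if __name__ == "__main__":
    for line in to_json_lines(parse_alerts(SAMPLE_ALERTS)):
        print(line)
```

Feeding the real file is a matter of replacing `SAMPLE_ALERTS` with the contents of `alerts.log` (or tailing it); because each alert is delimited by its `** Alert` header rather than by blank lines, a diff body that itself contains blank lines does not break an alert in two.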
