A couple of days ago I needed to parse integrity logs myself and found the above thread useful. Ended up writing a quick n dirty bash script to do so and thought I'd post it here in case anyone finds it useful. It's certainly not my finest work but I may get around to turning it into something better.
Presently it takes single lines which are hardcoded as variables in the script but shouldn't be much work to have it parse a file.

https://gist.github.com/auraltension/8b8af776647657b579cc

    $ ./ossec-syscheck-decoder.sh
    File: /etc/sudoers
    Date: Tue Jun 2 15:45:45 AEST 2015
    # of changes: 0 changes
    File Size: 4002 Bytes
    File Mode: 100440
    ownership: 0:0
    sha1sum: 7f8136e115bc8877afdda1cb9c357da7ecdbb8d2
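As an added example that is not the gist above, here is a small POSIX sh decoder that takes whole syscheck database lines (from a file or stdin) rather than hardcoded variables and prints the same report layout. The line layout it parses, the decimal st_mode and the epoch mtime are assumptions about the OSSEC 2.x server-side syscheck database; check them against your own queue/syscheck files before relying on it.

```shell
#!/bin/sh
# Added example, not the script from the post. Assumed layout of one OSSEC 2.x
# server-side syscheck database line (verify against your own queue/syscheck files):
#   <marker><size>:<mode>:<uid>:<gid>:<md5>:<sha1> !<mtime> <path>
# marker is three chars, +++ for an unchanged entry, each '!' counting one change;
# mode is st_mode in decimal, mtime is a Unix epoch, path may contain spaces.

# Print one decoded field of a line: changes size mode uid gid md5 sha1 mtime path
syscheck_field() {
    line=$1; field=$2
    rest=${line#???}                  # everything after the 3-char marker
    marker=${line%"$rest"}
    sums=${rest%% !*}                 # checksum block before " !"
    tail=${rest#* !}                  # "<mtime> <path>"
    case $field in
        changes) printf '%s' "$marker" | tr -cd '!' | wc -c | tr -d ' ' ;;
        size)    printf '%s\n' "$sums" | cut -d: -f1 ;;
        mode)    printf '%o\n' "$(printf '%s\n' "$sums" | cut -d: -f2)" ;;  # decimal st_mode -> octal
        uid)     printf '%s\n' "$sums" | cut -d: -f3 ;;
        gid)     printf '%s\n' "$sums" | cut -d: -f4 ;;
        md5)     printf '%s\n' "$sums" | cut -d: -f5 ;;
        sha1)    printf '%s\n' "$sums" | cut -d: -f6 ;;
        mtime)   printf '%s\n' "${tail%% *}" ;;
        path)    printf '%s\n' "${tail#* }" ;;        # keeps spaces inside the path
        *)       echo "unknown field: $field" >&2; return 1 ;;
    esac
}

# Print a report per line for a file given as $1, or for stdin.
decode_syscheck_db() {
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        epoch=$(syscheck_field "$l" mtime)
        # GNU date first, BSD date second, raw epoch if neither works
        when=$(date -u -d "@$epoch" 2>/dev/null || date -u -r "$epoch" 2>/dev/null || echo "$epoch")
        printf 'File: %s\nDate: %s\n# of changes: %s\nFile Size: %s Bytes\nFile Mode: %s\nownership: %s:%s\nmd5sum: %s\nsha1sum: %s\n--\n' \
            "$(syscheck_field "$l" path)" "$when" "$(syscheck_field "$l" changes)" \
            "$(syscheck_field "$l" size)" "$(syscheck_field "$l" mode)" \
            "$(syscheck_field "$l" uid)" "$(syscheck_field "$l" gid)" \
            "$(syscheck_field "$l" md5)" "$(syscheck_field "$l" sha1)"
    done < "${1:-/dev/stdin}"
}

# Constructed sample data (not real syscheck output): one unchanged entry, one changed twice.
SAMPLE_DB='+++4002:33056:0:0:0123456789abcdef0123456789abcdef:7f8136e115bc8877afdda1cb9c357da7ecdbb8d2 !1433223945 /etc/sudoers
!!+512:33188:0:0:fedcba9876543210fedcba9876543210:1111111111111111111111111111111111111111 !1433300000 /etc/my config'
```

Run it as `printf '%s\n' "$SAMPLE_DB" | decode_syscheck_db` or `decode_syscheck_db /var/ossec/queue/syscheck/<agent file>`.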
