Field 7 passed to an AR command is supposed to be "file".
Triggering off of rule 550 (syscheck file integrity changed) and logging
arguments 1 through 7, I would expect argument 7 to show the file that changed.
Instead I see this:
add - - 1435510407.21426431 550 (foo.our.com) xx.xx.227.96->syscheck
^^^^^^^^^^^^^^^^^^^^^^
Is this a bug? What am I doing wrong?
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
