How would I go about writing a rule to capture my system administrators when they make a change to any user related function such as adding users, changing groups and so on, either on domains or locally.
I would assume the rule would need to be ID specific. So if admin_A and/or admin_B adds a user I need to get an alert for that. Thanks Robert -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
