More comments:

1. When file have been changed?
Use realtime option (kernel needs to support inotify, most recent ones do).

2. Who have changed it?
No easy way to do this. I would use Audit tools and parse their output with an OSSEC decoder/rules (I think those would need to be created).

3. What have been changed?
As Dan mentioned, report_changes. Only works on text files (doesn't make sense for binaries).

4. Notify on certain changes.
What do you mean? Permission changes, ownership changes are reported by syscheck too.

On Sun, Dec 6, 2015 at 9:10 AM, dan (ddp) <[email protected]> wrote:
> On Dec 6, 2015 11:01 AM, "Nishant Porwal" <[email protected]> wrote:
> >
> > Hi Guys,
> >
> > I need to monitor approx 50 config and flat files on 20 servers, means 1000 files.
> >
> > My requirement is below.
> >
> > 1. When file have been changed?
> > 2. Who have changed it?
>
> No one has come up with a way to do this through syscheck yet.
>
> > 3. What have been changed?
> > 4. Notify on certain changes.
> >
> > Most important part is "What have been changed"
>
> Report_changes I think is the option you want.
>
> > All are Linux servers.
> >
> > OSSEC can help here?
> > I couldn't find anything in documentation specifying about "what have been changed".
> >
> > Thanks
> > Nishant

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
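
The syscheck options named in the replies above (realtime, report_changes) combined with a local rule for "notify on certain changes", as an added example that is not part of the original thread or of OSSEC's shipped configuration. The path `/etc/myapp`, the rule ID 100100 and the alert level are assumed placeholders.

```xml
<!-- Agent side: fragment for ossec.conf on each monitored Linux server.
     /etc/myapp is a hypothetical directory holding the config files. -->
<ossec_config>
  <syscheck>
    <!-- Periodic full scan (seconds); realtime covers the time in between. -->
    <frequency>43200</frequency>

    <!-- realtime="yes": inotify-based, answers "when was it changed".
         realtime applies to directories, not to individual files, so the
         parent directory is listed rather than each of the 50 files.
         report_changes="yes": attaches a diff to the alert, answers
         "what was changed"; text files only.
         check_all="yes": checksums, size, owner, group and permissions,
         so ownership and permission changes are reported as well. -->
    <directories realtime="yes" report_changes="yes" check_all="yes">/etc/myapp</directories>
  </syscheck>
</ossec_config>

<!-- Server side: fragment for local_rules.xml on the OSSEC manager.
     Raises the level of the stock "Integrity checksum changed" alert
     (rule 550) when the changed file is under the hypothetical path,
     so that these changes cross the e-mail alert threshold.
     100100 is an arbitrary ID from the range used for local rules. -->
<group name="syscheck,local,">
  <rule id="100100" level="12">
    <if_sid>550</if_sid>
    <match>/etc/myapp</match>
    <description>Monitored application config changed (see diff in alert).</description>
  </rule>
</group>
```

With report_changes enabled the agent keeps a local copy of each monitored file to diff against, so it is best limited to files whose contents are acceptable to store and to include in alerts.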
