Hello! I want to send only changed filenames, like it in email(see below) ?
Is there're any way, to avoid waiting rule 515 with "Ending syscheck scan" and parse all logs by hands ? Thank you! ---------- email message with aggregation multiple events to a single email ---------------- OSSEC HIDS Notification. 2016 Feb 22 06:10:15 Received From: serv-10244->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/home/woodwork/public_html/ xc4dev/var/templates_c/c7659adfadb0a34875da46831ecaa5 4e/%%10^10D^10D3B5F4%%import_export.tpl.php' Old md5sum was: 'dceb399d30e95119919656e661204554' New md5sum is : '81245ed3dd02f3406eb8a2fed54d9942' Old sha1sum was: '7d76c4a8134f64290c14706f15e7c7a28256fc51' New sha1sum is : '539cf636a958d88a3e8f1f8fbb468716a9a0a6d1' --END OF NOTIFICATION OSSEC HIDS Notification. 2016 Feb 22 06:10:15 Received From: serv-10244->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/home/woodwork/public_html/ xc4dev/var/templates_c/c7659adfadb0a34875da46831ecaa5 4e/%%C3^C39^C3917CB7%%zipcode.tpl.php.md5' Old md5sum was: '893a40c51c7f8bf5be98319a30c05a18' New md5sum is : '94a2aab9fc50d05b6838e2bff772ee75' Old sha1sum was: '092003613f24ac04e5214dc24d1dcb0494dbca03' New sha1sum is : 'ed5607668955e07bedc7529f1f18843e174fdcf1' --END OF NOTIFICATION -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
