Thanks for the response. So is there an account that will ssh into the target machine? And if so, is it using keys instead of a password?
In regards to my second question: We have logs going to Splunk to review changing of files, but I am not getting "who" changed the file.

On Friday, August 18, 2017 at 8:40:06 AM UTC-4, dan (ddpbsd) wrote:
>
> On Aug 18, 2017 8:35 AM, "Tray" <[email protected]> wrote:
>
> Hello,
> I am new to OSSEC; however, it will be set up in my environment and I am
> trying to get an idea of what it takes to set up the agentless ossec. What
> will be needed for the install/configuration on the target system?
>
>
> An ssh daemon.
>
> Also in looking at some outputs of OSSEC agentless, I noticed there is
> no user (person who made a change on the system) listed in the output. How
> can this be configured?
>
>
> Set up auditing on the system to monitor changes to files, create rules to
> watch for those log messages. Forward the logs via syslog to the ossec
> manager.
>
>
> Thanks, any assistance is greatly appreciated.
>
> Tracy
>
> --
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
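The auditing approach suggested in the quoted reply is what supplies the missing "who". The following is an added example, not part of the original thread and not OSSEC code: it correlates Linux auditd SYSCALL and PATH records to recover the login UID behind a watched file change. The watch rule, the key name `etc-watch`, the function name `who_changed` and the sample log lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in the Linux auditd log format, as a file watch
# such as `-w /etc/passwd -p wa -k etc-watch` would emit (assumed rule and key).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1503059000.123:4242): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=1234 pid=1240 auid=1001 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="etc-watch"
type=PATH msg=audit(1503059000.123:4242): item=0 name="/etc/passwd" inode=131 dev=fd:00 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1503059100.456:4250): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 comm="cron" exe="/usr/sbin/cron" key=(null)
type=PATH msg=audit(1503059100.456:4250): item=0 name="/var/run/crond.pid" inode=77 dev=fd:00 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = "4294967295"  # (uid_t)-1: the process has no login session

def who_changed(log_text, watch_key):
    """Return one dict per audit event whose SYSCALL record carries watch_key."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[serial]  # records sharing a serial belong to one event
        if rtype == "SYSCALL":
            ev.update(time=float(ts), auid=fields.get("auid"),
                      uid=fields.get("uid"), exe=fields.get("exe"),
                      key=fields.get("key"))
        elif rtype == "PATH":
            ev["paths"].append(fields.get("name"))
    hits = []
    for serial, ev in events.items():
        if ev.get("key") != watch_key:
            continue
        # auid survives su/sudo, so it names the account that logged in,
        # while uid is the identity the process was running as.
        login = None if ev["auid"] == UNSET_AUID else int(ev["auid"])
        hits.append({"serial": int(serial), "login_uid": login,
                     "uid": int(ev["uid"]), "exe": ev["exe"],
                     "paths": ev["paths"]})
    return hits

if __name__ == "__main__":
    for hit in who_changed(SAMPLE_LOG, "etc-watch"):
        print(hit)
```
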
