OSSEC is sending alerts of file changes to alerts.log, but I do not see anything in /var/ossec/queue/diff. I have report_changes set to yes. Inside /var/ossec/queue/syscheck/agent_directory it show a list of files with hashes, but not what actually changed, nor before and after hashes either.
Also, should these be showing up in diff directories on both the Agent and the Server? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
