On Wed, Feb 14, 2018 at 2:26 PM, <temp.email....@gmail.com> wrote: > OSSEC is sending alerts of file changes to alerts.log, but I do not see > anything in /var/ossec/queue/diff. I have report_changes set to yes. Inside > /var/ossec/queue/syscheck/agent_directory it show a list of files with > hashes, but not what actually changed, nor before and after hashes either. >
This isn't a feature I use, so I'm not entirely sure. You can check owner, group, and permissions of the diff directory. I have 750 ossec:ossec. > Also, should these be showing up in diff directories on both the Agent and > the Server? > I think they stay on the agent, but I'm not positive. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.