Is this for a Windows agent or Linux agent?  

If Windows I can let you know what I've done to accomplish this, which 
doesn't use OSSEC sycheck but rather a combination of Windows File Auditing 
and customized OSSEC rules.

- Bruce

On Wednesday, April 11, 2018 at 10:18:10 AM UTC-4, wrote:
> I'm using OSSEC HIDS
> from this i'm getting the alerts based on all events. but, i need to know 
> a *user whom modified the specific file*.
> is this possible? 


You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
For more options, visit

Reply via email to