Is this for a Windows agent or Linux agent?  

If Windows I can let you know what I've done to accomplish this, which 
doesn't use OSSEC sycheck but rather a combination of Windows File Auditing 
and customized OSSEC rules.

- Bruce


On Wednesday, April 11, 2018 at 10:18:10 AM UTC-4, 
dee...@information-secure.com wrote:
>
> I'm using OSSEC HIDS
>
> from this i'm getting the alerts based on all events. but, i need to know 
> a *user whom modified the specific file*.
> is this possible? 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to