Appreciate any help.

Regards,
Vibin

On 3 May 2018 at 15:13, Vibin K Madampath <[email protected]> wrote:
> Hello Team,
>
> OSSEC is not reporting the file content changes thru email even though it
> is configured to do so.
>
> I can see the changes made in the diff directory but not in the alerts.log.
>
> Could you please help me to fix this issue. Let me know if you need any
> other details.
>
> OSSEC.CONF
>
> <!-- Directories to check (perform all possible verifications) -->
> <directories report_changes="yes" realtime="yes"
> check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
> <directories report_changes="yes" realtime="yes"
> check_all="yes">/bin,/sbin</directories>
>
> diff directory
>
> -rw-r--r-- 1 root root 22 May 2 08:24 diff.1525249477
> -rw-r--r-- 1 root root 1427 May 3 07:33 last-entry
> -rw-r--r-- 1 root root 60 May 3 07:33 diff.1525332798
>
> alerts.log
>
> # grep fstab alerts.log
> Integrity checksum changed for: '/etc/fstab'
> Integrity checksum changed for: '/etc/fstab'
>
>
> # grep -A5 556 ossec_rules.xml
> <rule id="556" level="11">
> <if_sid>500</if_sid>
> <match>^ossec: What changed: </match>
> <description>File content changed.</description>
> <group>syscheck,</group>
> </rule>
>
> <alerts>
> <log_alert_level>1</log_alert_level>
> <email_alert_level>11</email_alert_level>
> </alerts>
>
> --
> Regards,
>
> Vibin
>

--
Regards,
Vibin
