On Mon, May 7, 2018 at 1:09 AM, Vibin K Madampath <mm.vi...@gmail.com> wrote:
> Appreciate any help.
>
> Regards,
> Vibin
>
> On 3 May 2018 at 15:13, Vibin K Madampath <mm.vi...@gmail.com> wrote:
>>
>> Hello Team,
>>
>> OSSEC is not reporting the file content changes through email even though it
>> is configured to do so.
>>
>> I can see the changes made in the diff directory but not in the
>> alerts.log.
>>
>> Could you please help me to fix this issue? Let me know if you need any
>> other details.
>>
>> OSSEC.CONF
>>
>>     <!-- Directories to check  (perform all possible verifications) -->
>>     <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
>>     <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin</directories>
>>
>> diff directory
>>
>> -rw-r--r-- 1 root root   22 May  2 08:24 diff.1525249477
>> -rw-r--r-- 1 root root 1427 May  3 07:33 last-entry
>> -rw-r--r-- 1 root root   60 May  3 07:33 diff.1525332798
>>
>> alerts.log
>>
>> # grep fstab alerts.log
>> Integrity checksum changed for: '/etc/fstab'
>> Integrity checksum changed for: '/etc/fstab'
>>
>>
>> # grep -A5 556 ossec_rules.xml
>>   <rule id="556" level="11">
>>     <if_sid>500</if_sid>
>>     <match>^ossec: What changed: </match>
>>     <description>File content changed.</description>
>>     <group>syscheck,</group>
>>   </rule>
>>
>>   <alerts>
>>     <log_alert_level>1</log_alert_level>
>>     <email_alert_level>11</email_alert_level>
>>   </alerts>
>>

I don't usually use this option, so I've had to enable it to see how
it actually works.

>> --
>>
>> Regards,
>>
>> Vibin
>
>
>
>
> --
> Regards,
>
> Vibin
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
