Did you ever find out a method? Or just assume the indexing is enough?
On Thursday, 9 February 2012 19:57:46 UTC, awhitehatter wrote:
> Hi There,
>
> Can someone assist me with PCI requirement 10.5.5 as it relates to configuring of OSSEC?
>
> The requirement says:
>
> 10.5.5 - Use file-integrity monitoring or change detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).
>
> OSSEC says in .pdf (http://www.ossec.net/ossec-docs/ossec-PCI-Solution.pdf):
>
> OSSEC's System Integrity Checking module can be configured to monitor file system changes (such as changes to files, new files getting created, new directories being created, files being removed etc) and ... OSSEC will not alert on new additions to log files but instead would only alert if the new entries indicate malicious behavior. The combination of system integrity and logs inspection can help administrators monitor log files without a lot of false alerts.
>
> So how is this configuration created? Can someone provide examples or some sort of starting point?
>
> thanks for reading!!
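The append-tolerant change detection that 10.5.5 asks for (alert when baselined log bytes are rewritten or removed, stay quiet when new lines are appended), as an added stand-alone Python illustration; this is not OSSEC's code or configuration, and the log lines and snapshots are constructed:

```python
"""Append-only integrity check for log files (PCI DSS 10.5.5 illustration).

Baseline = (length, sha256 of the file up to that length). On each check the
old prefix must still hash the same; growth beyond it is a benign append.
"""
import hashlib


def baseline(data: bytes) -> dict:
    """Record how long the log was and the hash of exactly that prefix."""
    return {"length": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def check(data: bytes, base: dict) -> str:
    """Classify current contents against the baseline.

    'unchanged' same length, same hash      (no alert)
    'appended'  old bytes intact, new after (no alert)
    'truncated' shorter than the baseline   (alert)
    'modified'  bytes inside the prefix differ (alert)
    """
    if len(data) < base["length"]:
        return "truncated"
    if hashlib.sha256(data[: base["length"]]).hexdigest() != base["sha256"]:
        return "modified"
    return "appended" if len(data) > base["length"] else "unchanged"


ALERTING = {"truncated", "modified"}


def monitor(snapshots):
    """Run check() over successive snapshots of one log file, rolling the
    baseline forward only after benign results. Returns the verdict list."""
    base = baseline(snapshots[0])
    verdicts = []
    for snap in snapshots[1:]:
        verdict = check(snap, base)
        verdicts.append(verdict)
        if verdict not in ALERTING:
            base = baseline(snap)  # an append becomes the new baseline
    return verdicts


# Constructed sample log contents (not real events)
LOG_V1 = b"Feb  9 19:57:46 host sshd[1]: Accepted publickey for ops\n"
LOG_V2 = LOG_V1 + b"Feb  9 19:58:01 host sudo: ops : COMMAND=/bin/ls\n"
LOG_V3 = LOG_V2.replace(b"Accepted", b"Rejected")  # existing line rewritten
LOG_V4 = LOG_V1                                     # later lines removed

if __name__ == "__main__":
    print(monitor([LOG_V1, LOG_V2, LOG_V3, LOG_V4]))
```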
