I'm glad to see that OSSEC is finally able to log to a MySQL database. I do have a question though. What all is sent to the database? I am using OSSEC strictly for the HIDS capability. But it looks like only the log alerts like the Windows event logs or syslogs are sent to the database.
What I am really looking for is to be able to create a report of files that have changed on each host within the past 24 hours, past week, past 30 days, etc. I was hoping I could pull this information out of the database. Is this data being sent or is it still in the flat log files? Thanks.
