Why do you suspect files have changed? Does the current md5 or sha hash of the files match the entries in the syscheck db?
On Wed, Jul 27, 2011 at 1:34 PM, Patrick <[email protected]> wrote: > How would I go about troubleshooting if I suspect that some files were > changed and Ossec didn't alert on the change? > I'm currently using Ossec 2.0. > > The files were in the /bin on a Linux server. > > Thanks, > Patrick
