On Fri, Sep 30, 2011 at 4:11 PM, JamesH <[email protected]> wrote:
> Hello,
>
> Integrity checksum alerts from our ssh_pixconfig_diff only email a few
> lines of diff followed by "More changes.." Is there any way to receive
> the entire diff? I haven't found any.
>

If you run the script by hand, do you get all of the output?

> Also, on a similar topic:
> Is there any way to write rules that would trigger based on the contents
> of that diff? The "ossec" group rules are kind of a black box. I don't
> know what they are decoding (no log source), so I don't know if I can
> use ossec-logtest to test. Any ideas?
