I am using OSSEC 2.6 to monitor a symbolic link (i.e. $HOME/abc) to a physical dir (i.e. $HOME/abc-v123). The syscheck alert works, but in the alert email, there is no diff shown for the txt file change. Moreover, I found there is no image of the files stored in /var/ossec/queue/diff. What's the problem? Is it because the path is a symbolic link rather than a physical dir? Thanks
- [ossec-list] No diff shown in the alert email Macus