Has anyone used OSSEC for software inventory? I'd like to: a) Be able to compile a list of systems that have a certain package installed (which I am content to do with script-foo on the server). b) Be informed via syslog or email of (un)installations of packages.
My initial attempt (on Redhat and clones) has been to use process monitoring on the "rpm -qa | sort" command periodically along check_diff to alert on changes. For some systems, especially desktops that can have thousands of installed packages in our environment, it seems that there are too many characters are being returned by the rpm command and output is getting truncated, and changes to packages that sort closer to the end of the alphabet are being missed. Is there an easier way to go about this? Here's where I was getting my notes on process monitoring from: hxxp://www.ossec.net/doc/manual/monitoring/process-monitoring.html Thanks in advance! Weezel -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
