These emails come during the morning, and the on-call guys are weary from getting them when they come.
Can anyone help me tune OSSEC so they come closer to when changes were made (the changes in these examples happened 12-14 hours earlier)? OSSEC HIDS Notification. 2014 Feb 06 04:40:34 Received From: (xxxxxxxxxx) XXX.XX.58.194->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/usr/bin/git-check-attr' Size changed from '1412976' to '1417808' Old md5sum was: '10dfa23bcacb1913419d4ca65a6442e2' New md5sum is : 'd59af7c52c919ad764b9a7c6ee9e997a' Old sha1sum was: '67ec1ab51b102638a4dbfdda2e5e0e38a29b0a5b' New sha1sum is : '9241833f9901325ac39916b95cfa192d24a2cb20' --END OF NOTIFICATION OSSEC HIDS Notification. 2014 Feb 06 04:40:38 Received From: (xxxxxxxx) XXX.XX.58.194->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/usr/bin/git-merge' Size changed from '1412976' to '1417808' Old md5sum was: '10dfa23bcacb1913419d4ca65a6442e2' New md5sum is : 'd59af7c52c919ad764b9a7c6ee9e997a' Old sha1sum was: '67ec1ab51b102638a4dbfdda2e5e0e38a29b0a5b' New sha1sum is : '9241833f9901325ac39916b95cfa192d24a2cb20' --END OF NOTIFICATION -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
