On 2014-03-31 9:45, Laurens Hardlife wrote:
There's no way to check if a file got smaller using syscheck. What you
can do tho is create an active response script that checks if a file
got smaller that fires whenever rule 550 fires (syscheck file
changes).
Here's my script (in this case it sends an e-mail but you can also
make it do something else):
Does rule 592 not work for you?
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
