I'm sorry, have you resolved this problem? I have the same problem... среда, 5 октября 2011 г., 2:28:30 UTC+5 пользователь JamesH написал: > > Yes. Running the agentless command displays the full configuration. > It's only when the diff shows changes and OSSEC emails the alert, it > is truncated. > > On Oct 3, 7:53 pm, "dan (ddp)" <[email protected]> wrote: > > On Fri, Sep 30, 2011 at 4:11 PM, JamesH <[email protected]> wrote: > > > Hello, > > > > > Integrity checksum alerts from our ssh_pixconfig_diff only email a few > > > lines of diff followed by "More changes.." Is there anyway to receive > > > the entire diff? I haven't found any. > > > > If you run the script by hand, do you get all of the output? > > > > > > > > > > > > > > > > > Also, on a similar topic: > > > Is there anyway to write rules that would trigger based on the conents > > > of that diff? The "ossec" group rules are kind of a black box. I don't > > > know what they are decoding (no log source), so I don't know if I can > > > use ossec-logtest to test. Any ideas?
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
