Hi Everyone,

I have set up OSSEC 2.8 Manager using Security Onion 12.04 LTS. The Ossec Client agents have been installed on 6 Windows machines.
I receive alerts for file additions and modifications but not when the monitored files are deleted. I face the following issues:

*Issue 1*
The Ossec agent has been configured to monitor folders. If a file within the folder is deleted, then I do not receive any alert. Moreover, the client ossec log does not mention that the file is missing or deleted, and there is no entry in the alert.log file present in the Ossec Manager.

*Issue 2*
The Ossec agent has been configured to monitor specific files. If a file has been deleted, the client ossec log has the following entry:

"2014/08/06 15:31:58 ossec-agent: WARN: Error opening directory: 'C:\Delete check 2/Delete2.conf/': No such file or directory "

But I do not receive any alert that a file has been deleted. The alert.log file present in the Ossec Server does not reflect any such event. Rule 553 is present in the ossec_rules.xml and has not been tampered with.

Could you kindly help me out with the issue? Any help will be greatly appreciated!

Thanks in advance...
