Hi all,
I have installed and configured an OSSEC server on CentOS 6, with two clients,
Win 2k8 and CentOS, as agents running on my VirtualBox. OSSEC is running
smoothly and detecting all the changes made to the files where the path is
assigned. I am getting logs from both clients. But the problem came
when I did my test for deleted files. On the OSSEC server itself I created
the file (OSSEC reported it), I changed the content of the file and it
detected that, and when I deleted it, it didn't. Can anyone please guide me
through this? As per my research, OSSEC should have returned a "-1" value
when the file is deleted; however, I am not even getting the update.

As I searched further on the web for the issue, I found that this is
included in one of the rule files. Can you please tell me in which file
this rule is located, or do I have to include it in the config file?

<rule id="553" level="7">
  <category>ossec</category>
  <decoded_as>syscheck_deleted</decoded_as>
  <description>File deleted. Unable to retrieve checksum.</description>
  <group>syscheck,</group>
</rule>

Can anyone suggest?
Thanks,
Regards,
bijesh