On Sun, Dec 7, 2014 at 1:20 AM, Bijesh Maskey <biz....@gmail.com> wrote:
> Hi all,
> I have installed and configured OSSEC server in CentOS 6 and two clients,
> Win 2k8 and CentOS, as agents running on my VirtualBox. OSSEC is running
> smoothly and detecting all the changes made on the files where the path is
> assigned. I am getting logs from both the clients. But the problem came when
> I did my test for deleting files. On the OSSEC server itself I created the
> file (OSSEC reported), I changed the content of the file and it detected it,
> and when I deleted it, it didn't. Can anyone please guide me through? As per
> my research, OSSEC should have returned a "-1" value when the file is
> deleted; however, I am not even getting the update.
>
> As I went further down on the web to search for the issue, I found this is
> included in one of the rule files. Can you please suggest in which file
> this suggested rule is located,
>
> or do I have to include this in the config file:
>
> <rule id="553" level="7">
>   <category>ossec</category>
>   <decoded_as>syscheck_deleted</decoded_as>
>   <description>File deleted. Unable to retrieve checksum.</description>
>   <group>syscheck,</group>
> </rule>
>
> Can anyone suggest?
>

Popular question this weekend. What version of OSSEC are you running?

> thanks
>
> regards
>
> bijesh
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.