On Tue, Dec 9, 2014 at 12:19 AM, Bijesh Maskey <biz....@gmail.com> wrote:
> my ossec version is 2.8.1

I believe I am seeing the same behavior on post-2.8.1 agents (but not the manager).

> sandivigore
>
> On Sunday, December 7, 2014 12:05:13 PM UTC+5:45, Bijesh Maskey wrote:
>>
>> hi all,
>> I have installed and configured an ossec server on CentOS 6, with two clients
>> (Win 2k8 and CentOS) as agents running on my VirtualBox. Ossec is running
>> smoothly and detecting all the changes made to the files where the path is
>> assigned. I am getting logs from both clients, but the problem came when
>> I did my test for deleted files. On the ossec server itself I created the file
>> (ossec reported it), I changed the content of the file and it detected that, and when I
>> deleted it, it didn't. Can anyone please guide me through this? As per my research,
>> ossec should have returned a "-1" value when the file is deleted; however, I am
>> not even getting the update.
>>
>> As I went further down on the web to search for the issue, I found this
>> is included in one of the rule files. Can you please suggest in which file
>> this rule is located,
>>
>> or do I have to include this in the config file?
>>
>> <rule id="553" level="7">
>>   <category>ossec</category>
>>   <decoded_as>syscheck_deleted</decoded_as>
>>   <description>File deleted. Unable to retrieve checksum.</description>
>>   <group>syscheck,</group>
>> </rule>
>>
>> Can anyone suggest?
>>
>> thanks
>>
>> regards
>>
>> bijesh

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
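An added example, not part of the thread and not OSSEC's own code: one way to answer the "which file holds this rule" question is to scan a rules directory for the rule id. The function names, the sample file name and its second rule are constructed for illustration; pointing `find_rule` at the rules directory of an install (commonly `/var/ossec/rules`) is an assumption about the layout.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample file content; rule 553 is copied from the thread above.
SAMPLE_RULES = """<!-- constructed sample, not a shipped OSSEC file -->
<group name="ossec,">
  <rule id="553" level="7">
    <category>ossec</category>
    <decoded_as>syscheck_deleted</decoded_as>
    <description>File deleted. Unable to retrieve checksum.</description>
    <group>syscheck,</group>
  </rule>
</group>
<group name="other,">
  <rule id="100001" level="3">
    <description>Placeholder local rule.</description>
  </rule>
</group>
"""

def find_rule(rules_dir, rule_id):
    """Return (file name, level, description) for each definition of rule_id."""
    hits = []
    for path in sorted(Path(rules_dir).glob("*.xml")):
        text = path.read_text(encoding="utf-8", errors="replace")
        try:
            # Rule files may hold several top-level <group> blocks, so wrap
            # them in one synthetic root to make the file parseable.
            root = ET.fromstring("<root>" + text + "</root>")
            for rule in root.iter("rule"):
                if rule.get("id") == str(rule_id):
                    hits.append((path.name, rule.get("level"),
                                 rule.findtext("description", "").strip()))
        except ET.ParseError:
            # Fall back to a textual match when the file is not clean XML.
            if re.search(r'<rule\s+id="%s"' % re.escape(str(rule_id)), text):
                hits.append((path.name, None, ""))
    return hits

def demo():
    """Build a temporary rules directory from the sample and search it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "sample_rules.xml").write_text(SAMPLE_RULES, encoding="utf-8")
        return find_rule(tmp, 553)

if __name__ == "__main__":
    print(demo())
```

An empty result means no file in that directory defines the id, which is the case where the rule would have to be added locally.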