On Mon, Jan 12, 2015 at 11:23 AM, <ch...@rhris.com> wrote: > All other log files aggregate into OSSEC. The auditor wants these logs on > the OSSEC server to be logged as well. I just cannot find anyone else that > could do this. >
So no other logs have this requirement? That's kinda silly. Have you tried contacting your mystery OS's vendor? Perhaps they know of a solution. > On Monday, January 12, 2015 at 10:22:05 AM UTC-6, dan (ddpbsd) wrote: >> >> On Mon, Jan 12, 2015 at 11:17 AM, <ch...@rhris.com> wrote: >> > Sadly no they did not. They just want notices if the files change. But >> > to >> > log access to said files causes a infinite loop of alerts. >> > >> >> How is this handled for other log files? >> >> > On Monday, January 12, 2015 at 9:55:48 AM UTC-6, dan (ddpbsd) wrote: >> >> >> >> On Mon, Jan 12, 2015 at 10:36 AM, Christopher Dangerfield >> >> <ch...@rhris.com> wrote: >> >> > After going through a security audit with my current employer >> >> > something >> >> > came >> >> > up that I cannot figure out how to solve. No one online seems to have >> >> > ran >> >> > into this. The auditor wants us to log and alert access to the >> >> > /var/ossec/logs folder. I can do this, but every alert creates a log >> >> > change >> >> > thus creates another alert and log change, etc, etc, etc. Has anyone >> >> > ever >> >> > had to do this and cold help me? >> >> > >> >> >> >> Did the auditors have any suggestions? >> >> >> >> > -- >> >> > Chris >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> > send >> >> > an >> >> > email to ossec-list+...@googlegroups.com. >> >> > For more options, visit https://groups.google.com/d/optout. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to ossec-list+...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.