Hi Dan, Thank you very much for your reply. Is it possible for you to provide the sample rule as I was unable to find it from http://dcid.me/2010/03/alerting-when-a-log-or-output-of-a-command-changes/ which gets me 404 error.
Thanks Srikanth On Thursday, April 16, 2015 at 11:20:56 AM UTC-7, dan (ddpbsd) wrote: > > On Thu, Apr 16, 2015 at 2:08 PM, srikanth kalangi > <srikant...@gmail.com <javascript:>> wrote: > > Hi Team, > > > > Is there a way to show the difference in the email alert like what has > > changed between old & new file? > > > > Please help. > > > > It is showing the md5sum but the not the difference output. > > > > > > Integrity checksum changed for: '/var/ossec/etc/ossec.conf' > > > > Size changed from '2777' to '2817' > > > > Old md5sum was: 'a69f4ab990235e4eeb61b5d2d839dcc8' > > > > New md5sum is : '72ce6db1b1983a4a07de78abfdf0724e' > > > > Old sha1sum was: 'c9f86b33392f7f2e87ac5e1e38344c0bd1be5cb9' > > > > New sha1sum is : '8fe3613d520900260e1c3fceada8fdad8e2b00bb' > > > > The check_diff rule option can help with that: > > http://ossec-docs.readthedocs.org/en/latest/syntax/head_rules.html?highlight=check_diff#element-check_diff > > > > > > > > Thanks > > > > Srikanth > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
