Thank you so much for the great answer!

> Hi again,
>
> About getting a list of all modified files, you can execute the
> syscheck_control binary to get a list of files by agent, day:
>
> /var/ossec/bin/syscheck_control -i AGENTID
>
> So your active-response script can periodically check that command output
> and look for today's changes. The bad thing about this command is you need to
> filter for one specific agent.
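
Added example, not part of the original thread or of OSSEC itself: one way to pull a single day's changed files out of the `syscheck_control -i` output and repeat that for several agents. The output line format (`YYYY Mon DD HH:MM:SS,N - /path`), the agent name and address, and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Path from the thread; overridable so the functions can be exercised offline.
SYSCHECK_CONTROL="${SYSCHECK_CONTROL:-/var/ossec/bin/syscheck_control}"

# Read `syscheck_control -i AGENTID` output on stdin and print the unique
# paths changed on the given day, each prefixed with the agent id.
# Assumed line format: "2014 Mar 05 10:01:44,0 - /etc/passwd"
changes_on_day() {
    day="$1"; id="$2"
    awk -v day="$day" -v id="$id" '
        index($0, day " ") == 1 {          # entry lines start with the date
            sep = index($0, " - ")         # split on the first " - " only
            if (sep > 0) print id " " substr($0, sep + 3)
        }' | sort -u
}

# The command reports one agent at a time, so loop over the ids we care about.
changes_for_agents() {
    day="$1"; shift
    for id in "$@"; do
        "$SYSCHECK_CONTROL" -i "$id" | changes_on_day "$day" "$id"
    done
}

# Constructed sample of the assumed output, for offline testing.
sample_output() {
    cat <<'EOF'

Integrity changes for agent 'web01 (001) - 192.0.2.10':

Changes for 2014 Mar 04:
2014 Mar 04 09:15:02,0 - /etc/resolv.conf

Changes for 2014 Mar 05:
2014 Mar 05 10:01:44,0 - /etc/passwd
2014 Mar 05 10:01:44,0 - /etc/hosts
2014 Mar 05 18:30:12,1 - /etc/passwd
EOF
}

# On the manager (agent ids are placeholders):
#   changes_for_agents "$(LC_ALL=C date '+%Y %b %d')" 001 002
```

Lines such as `Changes for 2014 Mar 05:` are skipped because they do not begin with the date, and a path that itself contains ` - ` is kept intact because only the first separator is used.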