On Wed, Jun 29, 2016 at 1:59 PM, Andreas Piesk <a.pi...@gmx.net> wrote: > Hello list, > > is it possible to use OSSEC as FIM to check system files and application > files with separate notifications? > > Changed system files should be reported to email address 1, changed > application files to email address 2. > > Any ideas are appreciated. >
You can probably create child rules to alert on system files, and then use the granular email options to send those alerts to a different email. A lot of it would probably revolve around how you define system vs application files. > Best regards > > -- > > --- You received this message because you are subscribed to the Google > Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
