How can we get the ossec agent to read a localfile that overwrites itself?
The CIS CAT benchmarks write a .txt file which we are reading with "syslog" as the local file However when the benchmark tests run, ossec does not appear to re-read the log, its as if it never gets read again. As it turns out, there is no date/time in the log. We have a decoder and rules that work, just need this last piece. Anyone run into this before? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
