OSSEC creates checksums and chained checksums of the archives. I need a way to confirm that the chain is correct.

    zcat /var/ossec/logs/archives/2017/Feb/ossec-archive-28.log.gz | md5sum

creates the entry

    Current checksum: MD5 (/logs/archives/2017/Feb/ossec-archive-28.log) =

in ossec-archive-28.log.sum

Likewise

    zcat /var/ossec/logs/archives/2017/Feb/ossec-archive-27.log.sum | md5sum

creates the entry

    Chained checksum: MD5 (/logs/archives/2017/Feb/ossec-archive-28.log) =

in ossec-archive-28.log.sum

I could create a script to do the check all the way to the beginning. Does OSSEC provide a method to do this check without scripting it? I was not able to find that in the documentation (probably checking at the wrong place).

Thanks
Dominik
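
The chain check described in the message above, as an added example (not code from the post or from OSSEC): it recomputes each day's current MD5 from the gunzipped archive and each chained MD5 from the previous day's .sum file. The .sum layout, the `day<N>` file names and all function names are assumptions made for this sketch, and the sample files are constructed.

```python
import gzip, hashlib, re, tempfile
from pathlib import Path

# Assumed .sum layout (from the post): a "Current checksum:" / "Chained checksum:"
# header followed by an "MD5 (<path>) = <hex>" entry, on the same or the next line.
SECTION = re.compile(r"(Current|Chained) checksum:\s*MD5\s*\([^)]*\)\s*=\s*([0-9a-fA-F]{32})")

def md5_file(path, compressed=False):
    """MD5 of a file; compressed=True hashes the gunzipped bytes (zcat | md5sum)."""
    h = hashlib.md5()
    with (gzip.open if compressed else open)(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_sum(path):
    """Return {'current': md5, 'chained': md5} for the sections present."""
    return {k.lower(): v.lower() for k, v in SECTION.findall(Path(path).read_text())}

def verify_chain(days):
    """days: oldest-first [(log_gz, sum_file)]; returns [(sum_file_name, problem)]."""
    problems, prev_sum = [], None
    for log_gz, sum_file in days:
        rec = parse_sum(sum_file)
        if rec.get("current") != md5_file(log_gz, compressed=True):
            problems.append((Path(sum_file).name, "current"))
        # The oldest entry has no predecessor here, so its chained value is skipped.
        if prev_sum and rec.get("chained") != md5_file(prev_sum):
            problems.append((Path(sum_file).name, "chained"))
        prev_sum = sum_file
    return problems

def build_sample(root, n=3):
    """Write n constructed archive/.sum pairs (sample data, not real OSSEC output)."""
    days = []
    for i in range(1, n + 1):
        log_gz, sum_file = Path(root, f"day{i}.log.gz"), Path(root, f"day{i}.log.sum")
        with gzip.open(log_gz, "wb") as f:
            f.write(f"constructed event, day {i}\n".encode())
        text = f"Current checksum:\nMD5  (day{i}.log) = {md5_file(log_gz, True)}\n"
        if days:
            text += f"\nChained checksum:\nMD5  (day{i - 1}.log.sum) = {md5_file(days[-1][1])}\n"
        sum_file.write_text(text)
        days.append((log_gz, sum_file))
    return days

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(verify_chain(build_sample(tmp)) or "chain OK")
```

A "chained" problem on one day means the previous day's .sum file no longer matches what was recorded, which is how an edit that also rewrote that day's current checksum still shows up.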