Recently, we are trying to use OSSEC to monitor files ~/.ssh/authorized_key for real time, but it seems it can only detect for syscheck, but not real time. I checked the /var/ossec/queue/diff folder, it recorded all the changes, but because the .ssh folder is hidden. I can not get real-time alerts from OSSEC manager, is there anyone know how to fix this, or does OSSEC ever consider this function before?
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
