Recently, we have been trying to use OSSEC to monitor ~/.ssh/authorized_key in real time. But it seems it only works for the periodic system integrity check, not in real time. I checked the /var/ossec/queue/diff folder, and it recorded all the changes under that folder, but since .ssh is a hidden folder, I cannot get real-time file change alerts from the OSSEC manager. Does anyone know how to fix this?