You could have ossec monitor ossec.log like it does with
active-responses.log. You'd just have to write rules for it or, barring
that, turn on archives.log.
-Scott
On Mon, 2019-03-25 at 08:02 -0400, dan (ddp) wrote:
> On Fri, Mar 22, 2019 at 12:01 PM YoYo wrote:
> > Hi All,
> >
> > We are
They're internal to the package *for the moment*, so when we release an
OSSEC update the new rules come along with it. When you update to 2.9.1
it's going to update the rules along with it. Eventually we're going to
break the more dynamic content (rules, decoders, etc) into a separate
package.
If you could send me your changes I can get those added into the main
package too.
-Scott
On Thu, 2010-08-26 at 11:41 -0400, David Porcello wrote:
Indeed I am. Specifically, here are the Atomic packages I installed:
inotify-tools-3.11-1.el5.art.x86_64.rpm
This is an initial release of OSSEC-HIDS 2.0 from the [atomic] rpm
repository for:
* CentOS 4
* CentOS 5
* RHEL 4
* RHEL 5
* Fedora 4-10
available for both i386 and x86_64 platforms. The atomic yum repository
is located at: http://www.atomicrocketturtle.com
Short Installation instructions: