Hi Could some one please guide me on how to write a rule to monitor for any
changes in the files from a specific folder.
this is what I tried
In ossec rules folder I added the below content in local_rules.xml file
<rule id="100345" level="12">
<if_matched_group>syscheck</if_matched_group>
<match>/opt/wapp/</match>
<description>Changes to /opt/wapp/- Critical file!</description>
</rule>
Still Iam not getting any alerts... am I missing any thing here... please
suggest me.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
