Hi, could someone please guide me on how to write a rule to monitor for any changes in the files from a specific folder? This is what I tried:
In the ossec rules folder I added the below content to the local_rules.xml file:

<rule id="100345" level="12">
  <if_matched_group>syscheck</if_matched_group>
  <match>/opt/wapp/</match>
  <description>Changes to /opt/wapp/- Critical file!</description>
</rule>

Still I am not getting any alerts... am I missing anything here? Please advise.