A couple of days ago I needed to parse integrity logs myself and found the
above thread useful. Ended up writing up a quick n dirty bash script to do
so and thought I'd post it here in case anyone finds it useful. It's
certainly not my finest work but I may get around to turning it into
something
You might want to check this thread:
https://groups.google.com/forum/m/#!topic/ossec-list/UuhauWUCxkU
> On Jun 4, 2015, at 1:11 AM, R Brandt wrote:
>
> Thanks.
> Didn't have time to look at the file until today.
> So how do you decode the syscheck entries?
>
>
>> On Monday, June 1, 2015 at
Thanks.
Didn't have time to look at the file until today.
So how do you decode the syscheck entries?
On Monday, June 1, 2015 at 10:13:49 AM UTC-6, dan (ddpbsd) wrote:
>
> On Mon, Jun 1, 2015 at 12:11 PM, R Brandt wrote:
> > If this is documented somewhere I apologize, I can't find it.
> >
On Mon, Jun 1, 2015 at 12:11 PM, R Brandt wrote:
> If this is documented somewhere I apologize, I can't find it.
> We are using OSSEC 2.8.1 on RedHat Linux (some 5.x, some 6.x) and using
> Logstash to populate elasticsearch.
> I've configured ossec to output json for logstash. The problem is that
If this is documented somewhere I apologize, I can't find it.
We are using OSSEC 2.8.1 on RedHat Linux (some 5.x, some 6.x) and using
Logstash to populate elasticsearch.
I've configured ossec to output json for logstash. The problem is that
neither the size, permissions, or diffs show up in the