Discussion:
[ossec-list] Alert level 7 "Integrity checksum changed."
Matthias Fraidl
2015-05-08 09:04:00 UTC
Hi list,

I have configured ossec to report file changes on e.g. 20 identical
servers, but the email alerts aren't identical (same ossec config
as well). There are some alerts which only tell me that checksum of the
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Integrity checksum changed for: '/etc/bla/fasel.conf'
Size changed from '547' to '560'
Old md5sum was: '468234ddfedea0eabb4460b855953bd8'
New md5sum is : '96898253a60f27b788e0d94e33d12162'
but some alerts, regarding same file changes from an identical machine
15c15
< dry=0
---
dry=1
Can anyone explain this deviance to me?

best regards,
matthias
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
dan (ddp)
2015-05-11 15:00:51 UTC
Post by Matthias Fraidl
Hi list,
I have configured ossec to report file changes on e.g. 20 identical
servers, but the email alerts aren't identical (same ossec config
as well). There are some alerts which only tell me that checksum of the
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Integrity checksum changed for: '/etc/bla/fasel.conf'
Size changed from '547' to '560'
Old md5sum was: '468234ddfedea0eabb4460b855953bd8'
New md5sum is : '96898253a60f27b788e0d94e33d12162'
but some alerts, regarding same file changes from an identical machine
15c15
< dry=0
---
dry=1
Can anyone explain this deviance to me?
Do some of the systems have the report_changes option set in the
<directories> entries?
Post by Matthias Fraidl
best regards,
matthias
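To follow up on the report_changes question across a fleet, the sketch below compares the syscheck `<directories>` entries of several ossec.conf files and lists the paths where report_changes differs between hosts. It is an added example, not part of the thread or of OSSEC itself; the host names and sample configurations are constructed, and it assumes each ossec.conf has no XML declaration.

```python
import xml.etree.ElementTree as ET

def report_changes_map(conf_text):
    """Map each syscheck-monitored path to True if report_changes="yes"."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    result = {}
    for entry in root.iter("directories"):
        enabled = entry.get("report_changes", "no").strip().lower() == "yes"
        # One <directories> element can list several comma-separated paths.
        for path in (entry.text or "").split(","):
            path = path.strip()
            if path:
                result[path] = enabled
    return result

def inconsistent_paths(configs):
    """Return {path: {host: setting}} for paths whose setting differs between hosts.

    A setting of None means the host does not monitor that path at all.
    """
    per_host = {host: report_changes_map(text) for host, text in configs.items()}
    all_paths = set().union(*per_host.values())
    out = {}
    for path in sorted(all_paths):
        settings = {host: m.get(path) for host, m in per_host.items()}
        if len(set(settings.values())) > 1:
            out[path] = settings
    return out

# Constructed sample input: two hosts that are meant to be identical.
SAMPLE = {
    "web01": """<ossec_config><syscheck>
        <directories check_all="yes" report_changes="yes">/etc/bla</directories>
        <directories check_all="yes">/usr/bin,/usr/sbin</directories>
    </syscheck></ossec_config>""",
    "web02": """<ossec_config><syscheck>
        <directories check_all="yes">/etc/bla,/usr/bin,/usr/sbin</directories>
    </syscheck></ossec_config>""",
}

if __name__ == "__main__":
    for path, settings in inconsistent_paths(SAMPLE).items():
        print(path, settings)
```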