• Support
  • Forums
  • Blogs

Syscheck Report modif in file ?

kgnkgn

New Life Form
Hello, with an ossec agent installed to receive with the syscheck option, changes in a file? And not just the old cheksum and the new one?  With the parameter "report_change="yes" 
As I understand it, With the parameter, as below normally it should give me what was added when I modify a file in / var / log / test1 /?
reportchange
But it only alerts me of the checksum changed each time without telling me what has changed inside the files..
2018-10-18_18h36_15
I can not find the solution ..
Thanks

Share post:

Answers

  • kgn,

    This is expected behavior. OSSEC checks against a hash of the previous file when looking for changes. it sounds like what you are looking for is actually a file auditing solution, of which there are a number on the market to choose from.
Sign In or Register to comment.