
List:       ossec-dev
Subject:    [ossec-dev] Re: Impossible to know the user who changes the file
From:       JB Cheng <jjoobbcc () gmail ! com>
Date:       2015-08-14 19:17:02
Message-ID: dc8ad40c-f5c5-44c1-b762-d052debf75c3 () googlegroups ! com

OSSEC does not report on who changed a file.
OSSEC does report on who logged into a system. 
Even though it is not conclusive, I think if you find out who logged into 
the system prior to the file change, perhaps you can narrow down the scope 
of the suspects. 


On Sunday, August 2, 2015 at 9:58:42 AM UTC-7, Ghislain .NKOUDJOU wrote:
> 
> Hi,
> How to recognize the user who made changes to a file received from the 
> logs by email?
> 
> I installed my OSSEC to monitor file integrity. I would like to know how 
> to get in my mail logs received the name of the user who edited the file and, if 
> possible, the change made.
> Thank you
> 
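
The narrowing-down suggested in the reply above, as an added example that is not part of the original message and not OSSEC code: it lists the SSH logins that precede a file-change time and marks which sessions were still open at that moment. It assumes sshd lines in classic syslog format, that the login and session-close lines share one sshd PID, and a change time read by hand from the syscheck alert; the log lines and `CHANGE_TIME` are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample sshd lines (not taken from the thread).
AUTH_LOG = """\
Aug  2 07:01:10 web1 sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Aug  2 07:40:02 web1 sshd[2101]: pam_unix(sshd:session): session closed for user alice
Aug  2 09:12:44 web1 sshd[2250]: Accepted password for bob from 192.0.2.23 port 41810 ssh2
Aug  2 09:30:05 web1 sshd[2307]: Failed password for root from 198.51.100.7 port 60200 ssh2
Aug  2 09:41:19 web1 sshd[2388]: Accepted publickey for carol from 192.0.2.31 port 53344 ssh2
Aug  2 09:50:00 web1 sshd[2388]: pam_unix(sshd:session): session closed for user carol
Aug  2 10:05:30 web1 sshd[2450]: Accepted publickey for dave from 192.0.2.40 port 40111 ssh2
"""
# Constructed: the time of the file change as reported in the syscheck alert.
CHANGE_TIME = datetime(2015, 8, 2, 9, 58, 0)

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
LOGIN = re.compile(r"^Accepted \S+ for (\S+) from (\S+) port \d+")
CLOSE = re.compile(r"session closed for user (\S+)")

def candidates(log_text, change_time, lookback=timedelta(hours=4)):
    """Logins before change_time: sessions still open, plus closed ones inside lookback."""
    sessions = {}  # sshd pid -> session record (assumes no PID reuse in the log)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year; borrow it from the change time.
        ts = datetime.strptime(f"{change_time.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ts > change_time:
            continue  # events after the change cannot explain it
        pid, msg = m.group(2), m.group(3)
        login = LOGIN.match(msg)
        if login:
            sessions[pid] = {"user": login.group(1), "src": login.group(2),
                             "login": ts, "open": True}
        elif CLOSE.search(msg) and pid in sessions:
            sessions[pid]["open"] = False
    recent = [s for s in sessions.values()
              if s["open"] or change_time - s["login"] <= lookback]
    # Open sessions first, then the most recent logins.
    return sorted(recent, key=lambda s: (s["open"], s["login"]), reverse=True)

if __name__ == "__main__":
    for s in candidates(AUTH_LOG, CHANGE_TIME):
        state = "open" if s["open"] else "closed"
        print(f'{s["user"]:8} {s["src"]:15} login {s["login"]:%H:%M:%S} ({state})')
```

The result is a shortlist only: it does not cover console logins, `su`/`sudo` switches, or changes made by services and scheduled jobs.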
