[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    Re: [ossec-list] OSSEC File Access alert and email
From:       "dan (ddp)" <ddpbsd () gmail ! com>
Date:       2015-10-29 13:54:34
Message-ID: CAMyQvMqy7jPDCw1yZ_kp9T4K3tSt0wUq0Er4nRpNwRVdFs0B6A () mail ! gmail ! com
[Download RAW message or body]

On Wed, Oct 28, 2015 at 8:55 PM, Nic Terry <nicterry@gmail.com> wrote:
> Greetings All,
> 
> Long time listener first time caller.
> 
> I have a scenario where I want to have an alert logged and email sent whenever a \
> certain file on Linux is accessed but that's all I want it to do. I've been \
> pondering how OSSEC might be able to achieve this and then said why not just ask \
> the group so here we are. Any help is greatly appreciated. 

You could possibly use auditd to monitor the file. OSSEC should be
able to read the audit log, and creating an alert from that shouldn't
be too difficult.

> --
> 
> ---
> You received this message because you are subscribed to the Google Groups \
> "ossec-list" group. To unsubscribe from this group and stop receiving emails from \
> it, send an email to ossec-list+unsubscribe@googlegroups.com. For more options, \
> visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]