[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    Re: [ossec-list] timeline of a file/folder
From:       "dan (ddp)" <ddpbsd () gmail ! com>
Date:       2018-07-06 12:24:04
Message-ID: CAMyQvMpnu-fSYq5u1wM7yXz19Gytt20YU6w31RXr+kYL9Cs98Q () mail ! gmail ! com
[Download RAW message or body]

On Sat, Jun 30, 2018 at 8:34 AM, bill890 <bill.evergreen@gmail.com> wrote:
> Hello Forum
> 
> Is it possible to monitor every change of a selected file/folder, from the
> point of it's creation till today?  And visualize that in e.g. a timeline?
> 
> It would be amazing if such a timeline of the files/folders with the dates
> of the cahnges would work even the filename changed and if the file
> is moved to an other folder :-)
> 
> 

The history of each file monitored by syscheckd is kept in the
syscheck db for that system (`/var/ossec/queue/syscheck/`).
It includes the timestamp it was checked, file size, hashes,
owner/group, and filename.
Tracking if it was moved to another location would be more difficult
(although you could track the hash through the file?).

> Possible?
> 
> Thank you for your feedback!
> 
> Bill
> 
> --
> 
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]