Open jrossi opened 10 years ago
jrossi
commented
10 years ago Uggh. There go my newlines again. How do I keep bitbucket from stripping them out? I searched the docs and forums and can't seem to find the answer.
Note: This comment has been automatically migrated from Bitbucket Created by mstarks01 on 2012-09-03 18:59:47+00:00
jrossi
commented
10 years ago Use triple braces to quote the text you do not want wrapping. {{{ This is example line one. Line 2. Line 3. }}}
Note: This comment has been automatically migrated from Bitbucket Created by jbcheng on 2012-09-04 05:47:37+00:00
jrossi
commented
10 years ago The integrity checksums were added to syslog output in 2.7 beta builds, but it was never added to mail output. If needed, look into os_maild/os_maild_cleint.c fuction OS_RecvMailQ() for implementing this enhancement.
Note: This comment has been automatically migrated from Bitbucket Created by jbcheng on 2012-11-01 23:18:28+00:00
They are in alerts.log, but not in emailed alerts. To wit:
\ Alert 1346697649.3137374: mail - ossec,syscheck, 2012 Sep 03 13:40:49 vhost->syscheck Rule: 550 (level 7) -> 'Integrity checksum changed.' Integrity checksum changed for: '/etc/fstab' Size changed from '703' to '0' Old md5sum was: '941a7f50cae9ed91b8111d6208a2596b' New md5sum is : 'd41d8cd98f00b204e9800998ecf8427e' Old sha1sum was: 'b482dd65bed14a2af0dd0291f0d180be45b4d3f4' New sha1sum is : 'da39a3ee5e6b4b0d3255bfef95601890afd80709' What changed: 7a8,9
Received From: vhost->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Src Location: (null) Portion of the log(s):
Integrity checksum changed for: '/etc/fstab' Size changed from '703' to '0' What changed: 7a8,9
--END OF NOTIFICATION
Note: This issue has been automatically migrated from Bitbucket Created by mstarks01 on 2012-09-03 18:58:05+00:00, last updated: 2012-10-01 18:41:22+00:00