OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
I am trying to capture file deletions using the default ossec rule for that (ID 553) and a local rule, but none of them has any effect. If I create a file it is captured, if I rename a file it is captured, but no file deletion is captured by OSSEC. I am using version OSSEC 3.7.0 and ubuntu 22.04
Hi!
I am trying to capture file deletions using the default ossec rule for that (ID 553) and a local rule, but none of them has any effect. If I create a file it is captured, if I rename a file it is captured, but no file deletion is captured by OSSEC. I am using version OSSEC 3.7.0 and ubuntu 22.04
Thanks