I'm looking at this myself on a specific Linux box. From what I can see, there does not appear to be a connector for Linux file system auditing. One thing I am in the process of doing is modifying syslog\rsyslog to forward events as well as the Linux agent. This may parse and pass more detailed event information.
I suggest you look into LEM's auditd connector tool. You may be able to use auditd to monitor actions on files. Here is a link that may help: Chapter 32. Introducing an Audit Rule Set
It is for SUSE but auditd works the same around the board... Good luck!
Oh, it would be nice for SolarWinds to build a connector to OSSEC HIDS. This would be magnificent!
Hey Martin, we do have a couple of requests for OSSEC - one to cover just OSSEC alerts, one to cover the general events. The alerts one is higher on the list since the data is pretty well formatted and we've had a few requests for it. As always, you can submit a support case or hit up the feature requests forum to vote.