Hi Guys,
Can LEM monitor file changes in Linux.
like for example if I made changes in /etc/passwd LEM will send notification that the file had changed.
Any ideas are much appreciated.
Hi Guys,
Can LEM monitor file changes in Linux.
like for example if I made changes in /etc/passwd LEM will send notification that the file had changed.
Any ideas are much appreciated.
Hi Sniffer,
I'm looking at this myself on a specific Linux box, from what I can see their does not appear to be a connector for Linux file system auditing. One thing I am in the process of doing is modifying syslog\rsyslog to forward events as well as the Linux agent. this may parse and pass more detailed event information.
Matt
I suggest you look into LEM's auditd connector tool. You may be able to use auditd to monitor actions on files. Here is a link that may help Chapter�32.�Introducing an Audit Rule Set
It is for Suse but auditd works the same around the board......GoodLuck!
Oh, it would be nice for Solarwinds to build a connector to Ossec HIDS. This would be magnificent!
Hey Martin, we do have a couple of requests for OSSEC - one to cover just OSSEC alerts, one to cover the general events. The alerts one is higher on the list since the data is pretty well formatted and we've had a few requests for it. As always, you can submit a support case or hit up the feature requests forum to vote.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.