01-23-2009 08:06 AM - edited 03-10-2019 04:28 AM
I would like to create a File Access Control rule to generate an alert when an attempt is made to modify /var/adm/csalog on *nix systems. An Agent Service Control rule already generates an alert when this file is modified; however, we need to isolate this activity down to a File Access Control rule. I have attempted to define the rule from scratch; however, it's not working. Any guidance on this would be appreciated.
01-23-2009 02:47 PM
Create a new File Access Control rule, make it as specific as possible on src application and filename/directory, and then make it a monitor rule; it will then log it no matter what other rules are in place.
01-23-2009 02:56 PM
I will configure that, and update the thread. Thanks.