01-23-2009 08:06 AM - edited 03-10-2019 04:28 AM
I would like to create a File Access Control rule to generate an alert when the /var/adm/csalog is attempted to be modified on *nix systems. An Agent Service Control rule already generates an alert when this file is modified, however we need to isolate this activity down to a File Access Control rule. I have attempted to define the rule from scratch, however it's not working. Any guidance on this would be appreciated.
01-23-2009 02:47 PM
Create a new File Access control rule, make it as specific as possible on src application and filename/directory, and then make it a monitor rule, it will then log it no matter what other rules are in place.
01-23-2009 02:56 PM
I will configure that, and update the thread. Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide