On Wed, May 6, 2015 at 2:47 PM, Joao T. <garc...@gmail.com> wrote:
> Hello, this is an old message, but I couldn't find anything newer about the
> topic.
>
> According to the previous example:
> !++1486:33188:0:1:a465a2fd02717050ca44d6cc24c5d458:bd37d291ce34e363af853958a31f24c74bd85d4
> !1330029335 /opt/syslog-ng/conf/syslog-ng.conf
>
> In what format is the timestamp? How can I decode !1330029335 into a legible
> date and time?
>
It's in a UNIX epoch time format. Some date commands allow you to
convert from this to something easier to read.
> What do these numbers between the file size and the hash mean? 33188:0:1:
>
The 0:1 are probably uid:gid, but I'm not sure about the 33188 offhand.
> Thanks!
>
> On Wednesday, February 29, 2012 at 6:55:10 AM UTC+1, Marcos wrote:
>>
>> Hi,
>>
>> I find my OSSEC server keeps "reporting" that a file has changed. I checked
>> that file's checksum and timestamp and nothing has changed, as far as I can
>> tell.
>>
>> When I try to see what is going on inside the file
>> "/opt/ossec/queue/syscheck/"(ossec_client) 172.30.XX.XXX -> syscheck", I
>> find there are 2 entries related to the same object.
>>
>> The first line below should be created first with a "+++" at the beginning
>> of that line. Somehow, when the OSSEC server reports there is a change, it
>> creates the last line.
>>
>> Can anyone explain what is the meaning of "+++" & "!++" and what is the
>> meaning of "!132863#281" and "!1330029335"?
>>
>> [root@myossec_svr syscheck]# cat "(ossec_client) 172.30.XX.XXX ->syscheck"
>>
>> +++1486:33188:0:1:a465a2fd02717050ca44d6cc24c5d458:bd37d291ce34e363af853958a31f241c74bd85d4
>> !132863#281 /opt/syslog-ng/conf/syslog-ng.conf
>>
>> !++1486:33188:0:1:a465a2fd02717050ca44d6cc24c5d458:bd37d291ce34e363af853958a31f241c74bd85d4
>> !1330029335 /opt/syslog-ng/conf/syslog-ng.conf
>>
>> Regards,
>> Marcos
>>
>>
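The following Python parser is an added example, not part of the thread and not OSSEC's own code. It splits the "!++" entry quoted above into fields and decodes the epoch timestamp and the 33188 value. Assumptions: the layout is size:mode:uid:gid:md5:sha1 with the mode stored as a decimal st_mode, each "!" in the three-character prefix marks one recorded change, and the function and field names are invented for illustration.

```python
import stat
from datetime import datetime, timezone

# Constructed sample: the "!++" entry from the thread, joined onto one line.
SAMPLE = ("!++1486:33188:0:1:a465a2fd02717050ca44d6cc24c5d458:"
          "bd37d291ce34e363af853958a31f241c74bd85d4 "
          "!1330029335 /opt/syslog-ng/conf/syslog-ng.conf")


def parse_syscheck_line(line):
    """Split one syscheck queue entry into named fields (names are assumed)."""
    prefix, rest = line[:3], line[3:]
    if len(prefix) != 3 or set(prefix) - set("+!"):
        raise ValueError("entry does not start with a 3-character +/! prefix")
    try:
        # maxsplit=2 keeps paths that contain spaces intact.
        checksum, ts_field, path = rest.split(" ", 2)
        size, mode, uid, gid, md5, sha1 = checksum.split(":")
        if not ts_field.startswith("!"):
            raise ValueError
        epoch = int(ts_field[1:])      # seconds since 1970-01-01 UTC
        mode = int(mode)               # assumed: decimal st_mode from stat(2)
        size, uid, gid = int(size), int(uid), int(gid)
    except ValueError:
        raise ValueError(f"malformed syscheck entry: {line!r}") from None
    return {
        "changes_recorded": prefix.count("!"),   # assumed meaning of the prefix
        "size": size,
        "mode_string": stat.filemode(mode),      # file type plus rwx bits
        "mode_octal": oct(stat.S_IMODE(mode)),   # permission bits only
        "uid": uid,
        "gid": gid,
        "md5": md5,
        "sha1": sha1,
        "timestamp_utc": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(),
        "path": path,
    }


if __name__ == "__main__":
    for key, value in parse_syscheck_line(SAMPLE).items():
        print(f"{key:17} {value}")
```

Under these assumptions 33188 is octal 100644, a regular file with rw-r--r-- permissions, and 1330029335 is 2012-02-23 20:35:35 UTC.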