I have setup monitoring of file changes but cannot figure out how to have Nagios email me when the specific files are changed.
In the Match Rules part of the filter settings I have checked Audit Success and for the Match String entered in the specific folder name I want to be notified about when files are changed it in.
If I leave out the filter, I get a ton of emails with meaningless auto success notifications.
Anyone know if I have say folder “c:\program files\folder to monitor” that I can filter the Security Log and have the NSCA daemon notify nagios when folder to monitor has an event?
Thank you for your help.