HIDS 591

From Atomicorp Wiki

Example log message:

ossec: File rotated (inode changed): `/var/log/messages`.

Explanation:

This means that the HIDS detected that a file has been moved and replaced with another file with the exact same name. This can occur when a log rotation system archives old log files, and it can also occur if an unauthorized change has been made, such as a log file being moved and replaced.

Notes:

These events should be audited to ensure that they occurred via an authorized process or procedure.
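
The sketch below is an added example, not code from the HIDS or from this wiki. It shows why an append leaves the inode unchanged while a move-and-replace under the same name does not, and how alert lines can be checked against a list of files expected to rotate. The function names, the expected-rotation list and the sample paths are assumptions made for the example.

```python
import os
import re
import tempfile

# Matches the "File rotated" message; accepts ', " or ` around the path.
ALERT_RE = re.compile(r"ossec: File rotated \(inode changed\): ['\"`](?P<path>.+?)['\"`]\.")

def alert_path(line):
    """Return the file path named in a 'File rotated' message, else None."""
    m = ALERT_RE.search(line)
    return m.group("path") if m else None

def file_identity(path):
    """(device, inode) identifies a file regardless of the name it carries."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)

def replaced(path, baseline):
    """True when the name now points at a different file than the baseline."""
    return file_identity(path) != baseline

def needs_audit(lines, expected_rotations):
    """Paths reported as rotated that are not on the expected-rotation list."""
    paths = (alert_path(line) for line in lines)
    return sorted({p for p in paths if p and p not in expected_rotations})

def demo():
    """Simulate an append (same inode) and a move-and-replace (new inode)."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "messages")
        with open(log, "w") as f:
            f.write("line 1\n")
        baseline = file_identity(log)
        with open(log, "a") as f:      # normal logging: append in place
            f.write("line 2\n")
        after_append = replaced(log, baseline)
        os.rename(log, log + ".1")     # rotation or tampering: move the file...
        with open(log, "w") as f:      # ...and recreate it under the same name
            f.write("line 1\n")
        after_replace = replaced(log, baseline)
        return after_append, after_replace

if __name__ == "__main__":
    print(demo())
```

The inode comparison alone cannot tell an authorized rotation from an unauthorized replacement, which is why the list of expected rotations (and the time of the scheduled rotation job) is what the audit relies on.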
