Hi Daniel, Regarding how to write the rules, the following documents can help:
http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 9/18/07, Peter M. Abraham <[EMAIL PROTECTED]> wrote: > > Greetings Daniel: > > Custom rules can be placed in /var/ossec/rules/local_rules.xml > > Thank you. > >