On Monday, October 5, 2015 at 8:38:17 AM UTC-6, Daniel Baker wrote:
>
> I'm looking for a way to have OSSEC trigger on Event ID 1100 Service
> Shutdown in Windows.
>
This is what I'm trying to add to the local_rules.xml file:

<!-- Child of rule 18104; matches when the Windows event ID is exactly 1100 -->
<rule id="1100000" level="12">
  <if_sid>18104</if_sid>
  <id>^1100$</id>
  <description>Windows Service Stopped</description>
</rule>