Also, what does the "if_sid" match to? I am trying to understand how to create custom rules and it seems this "if_sid" is unique and defined somewhere. I see that rule id and description can be whatever you want and "id" is the event id number you want to monitor. Any help is much appreciated.
Thanks.