[ossec-list] Create custom rule for OSSEC 2.8.3, to capture specific phrase in application log

2016-07-24 11:43:22,707 INFO [main-EventThread ] [.m.async.facade.Bootstrap] Became Leader!!! |TAGS| 2016-07-24 11:43:22,707 INFO [main-EventThread ] [.m.async.facade.Bootstrap] ## Leader election: *Server is leader and starting* ##

[ossec-list] OSSEC 2.8.3 create custom rule

Hi Guys I am looking to create a new custom ossec rult to capture specific phrase in a log. I have added the required directory to the ossec.conf monitoring. LOG Sample: 2016-07-24 11:43:22,707 INFO [main-EventThread ] [.m.async.facade.Bootstrap] Became Leader!!! |TAGS| 2016-07-24