Hi Alisha,

Rule 11 is the only one left that is not set in the rules file,
but we will be merging that into the rules in the near future...

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On Mon, Aug 17, 2009 at 2:23 PM, Alisha Kloc <fallintosan...@gmail.com> wrote:
>
> Hi,
>
> My department is testing a new installation of OSSEC using a MySQL
> database, where we use automated MySQL queries to extract certain data
> for our network. We ran across "Rule 11" ("The average number of logs
> between 20:00 and 21:00 is X. We reached Y") while testing, and
> realized that our query, which relies on the rule ID number to
> properly extract and process the data, won't catch alerts related to
> Rule 11 or any similar system "rules", as they aren't listed in the
> rules XML files and don't have corresponding rule ID numbers. We've
> implemented a workaround to catch Rule 11, but we were wondering if
> there were any other system rules (i.e. things OSSEC will give an
> alert about but which don't have a rule ID number) that we need to
> look for.
>
> Thanks very much in advance!
> -Alisha
>
