Hi Alisha,

Rule 11 is the only one left that is not set in the rules file, but we will be merging it into the rules in the near future...
Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Mon, Aug 17, 2009 at 2:23 PM, Alisha Kloc <fallintosan...@gmail.com> wrote:
>
> Hi,
>
> My department is testing a new installation of OSSEC using a MySQL
> database, where we use automated MySQL queries to extract certain data
> for our network. We ran across "Rule 11" ("The average number of logs
> between 20:00 and 21:00 is X. We reached Y") while testing, and
> realized that our query, which relies on the rule ID number to
> properly extract and process the data, won't catch alerts related to
> Rule 11 or any similar system "rules", as they aren't listed in the
> rules XML files and don't have corresponding rule ID numbers. We've
> implemented a workaround to catch Rule 11, but we were wondering if
> there were any other system rules (i.e. things OSSEC will give an
> alert about but which don't have a rule ID number) that we need to
> look for.
>
> Thanks very much in advance!
> -Alisha
>
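One way to turn the workaround discussed in this thread into a repeatable check, as an added example that is not code from the thread, from Daniel or from OSSEC itself: the script below parses an OSSEC-style rules fragment, collects every declared rule ID, and lists the IDs that occur in alerts but are not declared, which is exactly how an internally generated alert such as rule 11 shows up. The rules XML and the alert rows are constructed sample data, and the two-table sqlite schema (signature, alert) is an assumed stand-in for the real OSSEC MySQL schema, not its actual column layout.

```python
"""Flag OSSEC alerts whose rule ID is not declared in the rules XML.

Added example, not code from the thread or from OSSEC. The rules XML, the
alert rows and the two-table schema below are constructed; the real OSSEC
MySQL schema is not reproduced here.
"""
import sqlite3
import xml.etree.ElementTree as ET

# Constructed rules fragment in OSSEC's rule syntax. Real rules files hold
# several top-level <group> elements with no single root, which is why the
# parsers below wrap the text before handing it to ElementTree.
RULES_XML = """
<group name="syslog,">
  <rule id="1002" level="2">
    <match>$BAD_WORDS</match>
    <description>Unknown problem somewhere in the system.</description>
  </rule>
</group>

<group name="syslog,sudo,">
  <rule id="5402" level="3">
    <if_sid>5400</if_sid>
    <regex>^sudo</regex>
    <description>Successful sudo to ROOT executed</description>
  </rule>
</group>
"""

# Constructed alert rows as (rule_id, level, description). The rule 11 text
# mirrors the alert quoted in the thread; the numbers in it are made up.
ALERTS = [
    (5402, 3, "Successful sudo to ROOT executed"),
    (1002, 2, "Unknown problem somewhere in the system."),
    (11, 8, "The average number of logs between 20:00 and 21:00 is 120. We reached 400."),
    (5402, 3, "Successful sudo to ROOT executed"),
]


def rule_ids_from_xml(xml_text):
    """Return the set of rule IDs declared in an OSSEC-style rules fragment."""
    root = ET.fromstring("<rules>" + xml_text + "</rules>")
    return {int(rule.get("id")) for rule in root.iter("rule")}


def rules_from_xml(xml_text):
    """Return (rule_id, level, description) for every declared rule."""
    root = ET.fromstring("<rules>" + xml_text + "</rules>")
    return [
        (int(rule.get("id")), int(rule.get("level", 0)), rule.findtext("description", ""))
        for rule in root.iter("rule")
    ]


def undefined_rule_ids(xml_text, alerts):
    """IDs that occur in alerts but are not declared in the rules XML (pure Python)."""
    defined = rule_ids_from_xml(xml_text)
    return sorted({rule_id for rule_id, _, _ in alerts if rule_id not in defined})


def undefined_rule_ids_sql(xml_text, alerts):
    """Same check expressed as the LEFT JOIN an extraction query can use.

    The schema is an assumed stand-in: a signature table filled from the rules
    XML and an alert table filled from the alert rows.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE signature (rule_id INTEGER PRIMARY KEY, level INTEGER, description TEXT);
        CREATE TABLE alert (id INTEGER PRIMARY KEY AUTOINCREMENT, rule_id INTEGER,
                            level INTEGER, description TEXT);
        """
    )
    conn.executemany("INSERT INTO signature VALUES (?, ?, ?)", rules_from_xml(xml_text))
    conn.executemany(
        "INSERT INTO alert (rule_id, level, description) VALUES (?, ?, ?)", alerts
    )
    # Alerts with no matching signature row are the "system rules" a query
    # keyed on known rule IDs would otherwise silently skip.
    rows = conn.execute(
        """
        SELECT DISTINCT a.rule_id
        FROM alert AS a
        LEFT JOIN signature AS s ON s.rule_id = a.rule_id
        WHERE s.rule_id IS NULL
        ORDER BY a.rule_id
        """
    ).fetchall()
    conn.close()
    return [row[0] for row in rows]


if __name__ == "__main__":
    print("declared rule IDs:", sorted(rule_ids_from_xml(RULES_XML)))
    print("alert rule IDs not declared:", undefined_rule_ids(RULES_XML, ALERTS))
    print("same via SQL:", undefined_rule_ids_sql(RULES_XML, ALERTS))
```

Run against the real rules directory, the first function is what answers Alisha's question empirically: concatenate every rules file, collect the declared IDs, and any rule_id left over in the alert table is one the rule-ID-driven query has to handle specially. The LEFT JOIN form is the same check placed inside the extraction query itself, so undeclared IDs are routed to the workaround instead of being dropped.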