Hi Daniel
thanks for your quick response.
A colleague of mine and me have decided that the false positive are 'not
so positive' and probably are worth a notice.
So everything is fine for us.
Thanks a lot
Valerio Daelli
On 9/18/07, Daniel Cid [EMAIL PROTECTED] wrote:
Hi Valerio,
Yes, OSSEC
Hi Valerio,
Yes, OSSEC can monitor named logs and you need to use the syslog log
format in the config. You need to look at our rules to see what is wrong...
Can you submit the logs that are generating the false positive to us? It would
be much easier to fix them with that in hand.
Thanks,
--
