Thanks for clearing that up, Daniel. Also, I wanted to thank the folks
involved with developing and maintaining the OSSEC project. We've had
OSSEC in production for only a couple of months and it has already
helped us identify several attacks and a few agent/host configuration
issues.
Thanks for
Hi Clayton,
Within the ossec model, the agents have no information about rules
whatsoever. So, if you need to modify a rule, you need to do it on
the server side.
How do you do it? If you have a rule like that (from our FAQ):
<group name="local">
<rule id="100101" level="0">
<if_sid>123, 456</if_sid>