Re: [ossec-list] Ossec rules matching order and other

2016-05-18 Thread Jesus Linares
Hi Issam, regarding the rule order, OSSEC checks a rule and its children recursively. Try to launch *ossec-logtest* with argument *-v*: log: '2014 Dec 20 09:29:47 WinEvtLog: Microsoft-Windows-Sysmon/Operational: INFORMATION(1): Microsoft-Windows-Sysmon: SYSTEM: NT AUTHORITY: WIN-U93G48C7BOP:

Re: [ossec-list] Ossec rules matching order and other

2016-05-18 Thread dan (ddp)
On Wed, May 18, 2016 at 10:47 AM, Issam Aouad Tabet wrote: > Hey everyone, > > I am wondering if anyone can help me with these two questions: > > 1. I am using ossec-logtest file to test my rules in order to match with > some Windows logs. Does anyone know in which order

[ossec-list] Ossec rules matching order and other

2016-05-18 Thread Issam Aouad Tabet
Hey everyone, I am wondering if anyone can help me with these two questions: 1. I am using ossec-logtest file to test my rules in order to match with some Windows logs. Does anyone know in which order are the rules tested? It seems it is not ID number order.. 2. Here is the default predefined