Greetings,
We are using the RPM version of ossec-hids (version 2.3-2.el5.art) in a
server/agent installation environment. Everything is working fine so far,
however we now have a need to add another server and I need to specify rules
and actions that are specific to that one server. I've done
I don't know about the active-response section, but the rules section
shouldn't need to be modified really.
Ossec is pretty resource light, so having rulesets loaded that you
don't need shouldn't be too much of a problem.
On Fri, May 14, 2010 at 8:25 AM, Steven Spencer sspencerw...@gmail.com
In fact, not having all the rules loaded can cause performance penalty, because
non-matching events will end up being checked by all the rule tree.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Fri, May 14, 2010 at 10:27 AM, dan (ddp) ddp...@gmail.com wrote:
I don't know about the