Modifying the default rules directly isn't encouraged. Your changes
will be overwritten on an upgrade. You should add custom rules to
/var/ossec/rules/local_rules.xml. You can create custom rules to look
for new things the default rules don't cover, or to ignore rules that
are already in place.
On Mon, Apr 30, 2012 at 2:42 PM, A-Dubbs arlendelcasti...@gmail.com wrote:
I'm looking for the rules file for adjusting what gets logged for
Microsoft Windows systems. Is msauth_rules.xml the correct file?
