Remember that you need to restart OSSEC after changing the rules.
Also, you can use *ossec-logest* to test your rules.
Regards.
On Thursday, June 29, 2017 at 11:25:17 AM UTC+2, Rahul Tiwari wrote:
>
> I tired this but its not working any other rule or something which i need
> to add.
> As i m
Hi,
the *frequency *attribute specifies the number of times (+2) the rule must
have matched before firing. In this case, the rule 5720 will be fired if
the rule 5716 is fired 8 times (6+2).
You must use *frequency="1"* to fire the rule after 3 attempts. Also, it is
a good idea to add the
