Hi Jeremy,

We currently do not have it. Actually, we don't even need to add any rules, just a decoder to extract the information we need (user, ids, sources, etc). Do you have a few log samples to share with us? We can certainly add support for them without too much work...

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 11/1/06, Jeremy Lee <[EMAIL PROTECTED]> wrote:
Hi all,

Just curious if there's a rule that exists which parses for files containing Windows Event Log entries stored in text format/Syslog (by use of programs such as NTSyslog) on a Unix server.

Thanks,
Jeremy
