On Dec 29, 2006, at 4:17 PM, Michael Starks wrote:
Is there any documentation on the XML tags used for the rules? I'd
like
to know the options available and an idea of how they all relate to
each
other. Thanks.
I know this is going to sound lame, but check http://ossec.net/en/
manual.html#rules, and then look at the example rulesets. The manual
doesn't seem to be terribly thorough, but it lists the possible
options. You can then see how those options are used in the example
or default rulesets.
I haven't seen a good HowTo or tutorial on the rulesets yet though.
Perhaps someone else could share that?
Drew Haven
