Andrew Haven wrote:
I know this is going to sound lame, but check
http://ossec.net/en/manual.html#rules, and then look at the example
rulesets. The manual doesn't seem to be terribly thorough, but it lists
the possible options. You can then see how those options are used in
the example or default rulesets.
I haven't seen a good HowTo or tutorial on the rulesets yet though.
Perhaps someone else could share that?

Not lame at all. I appreciate you taking the time to respond. I
actually found more info on the Wiki by clicking on Special Pages, All
Pages. Still a bit muddy, but getting clearer.