Hi Ossec-List,

I need to configure my own rules. I need to check a special log file and I also need to write some rules for a special syslog message.
How can I write these two rules in the best way, and in which XML file do I have to integrate it? My idea was that I create my own rules XML file for the special logfile and insert the special syslog rules in the local_rules.xml. Is that the right way, or does anybody have a better idea?

Regards,
Daniel
