Hi, I also have a logfile from a resource which isn't integrated in ossec right now. How can I add the support and my own rules for that?

I added the logfile in the ossec.conf with syslog as the format. But now all logfiles will be processed by the syslog rules. How can I force ossec to use my own rules for exactly this logfile?

Regards,
Dan

On 19.09.2007 at 03:18, Daniel Cid wrote:

> Hi Daniel,
>
> Regarding how to write the rules, the following documents can help:
>
> http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf
> http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On 9/18/07, Peter M. Abraham <[EMAIL PROTECTED]> wrote:
>>
>> Greetings Daniel:
>>
>> Custom rules can be placed in /var/ossec/rules/local_rules.xml
>>
>> Thank you.
