----- "karan" <[email protected]> wrote:

| Dear Dave,
|
| Thank you very much for your reply. I fully read the OSSEC articles,
| whatever you mentioned.
|
| Again I face the problem. How to create a new rule for our environment.
|
| OSSEC output log size is very high, and every second we receive more
| logs.
|
| My request is how to separate logs like user name, date, time category,
| windows security, and description, etc. for report purposes.
|
| Awaiting your favorable reply
|
| with regards
| Kirubakaran.K
| India
|
| On Jan 1, 8:17 pm, Dave S <[email protected]> wrote:
| > Karan,
| > This discussion group isn't for teaching.
| > If you have a specific problem or issue, then bring it here, but first
| > you have to try finding your own answers.
| >
| > There's lots of documentation you can check out to find your answers.
| >
| > There's the OSSEC Manual at http://www.ossec.net/main/manual/
| > And the FAQ is a great place to get started
| > http://www.ossec.net/main/manual/manual-faq/
| > The OSSEC Wiki has articles on specific problems
| > http://www.ossec.net/wiki/OSSEC
| >
| > And there's a real good book on OSSEC available on Amazon.com.
| > http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/1...
| >
| > Start reading!
| > -Dave
| >
| > On Dec 31 2009, 6:09 am, karan <[email protected]> wrote:
| >
| > > Dear Sir,
| > > I have newly installed OSSEC in our organization. I don't
| > > know how to create rules for our environment. Pls kindly help
| > > me with basic knowledge of OSSEC tools
| >
| > > Awaiting your reply
| >
| > > with warm regards
| > > Kirubakaran.K

Have a look through the default rules under <ossec_install_path>/rules; they should provide a good starting point. You can then create your own by adding them to local_rules.xml.

Best Regards,
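
An added illustration of the advice in the reply above (not part of the thread and not OSSEC's shipped rules): a local_rules.xml with one rule that silences a noisy default rule for a known host and one that raises a single alert on repetition. The parent rule ID 5716, the address 192.0.2.10 and the thresholds are assumptions chosen for the example.

```xml
<!-- Added example for <ossec_install_path>/rules/local_rules.xml. -->
<!-- Assumptions: parent SID 5716 (the stock "SSHD authentication failed"
     rule), source address 192.0.2.10 and the thresholds are illustrative.
     Substitute the rule ID shown in your own noisy alerts.
     IDs from 100000 upward are the range OSSEC sets aside for local rules. -->
<group name="local,">

  <!-- Noise reduction: level 0 means the event is matched but no alert
       is written. Applies only when the parent rule fires for this one
       trusted source address. -->
  <rule id="100001" level="0">
    <if_sid>5716</if_sid>
    <srcip>192.0.2.10</srcip>
    <description>Ignore failed logins from the internal scanner.</description>
  </rule>

  <!-- Escalation: a single higher-level alert when the same source
       address triggers the parent rule repeatedly within 120 seconds. -->
  <rule id="100002" level="10" frequency="6" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>Repeated failed logins from one source address.</description>
    <group>authentication_failures,</group>
  </rule>

</group>
```

Running <ossec_install_path>/bin/ossec-logtest and pasting a sample log line shows which rule fires, so a change can be checked before OSSEC is restarted to load it.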
