How do you kick off a test of the new Daily Report feature? Would like to see what I get before putting it in production.
-Derek

> You can make up your own. Give your rules a <group>whatever</group> entry.
> ie:
> <rule id="100500" level="4">
>   <decoded_as>named</decoded_as>
>   <description>bad zone transfer request</description>
>   <match>bad zone transfer request</match>
>   <group>sysadmin,</group>
> </rule>
>
> Here's a quick list of groups (probably incomplete/wrong in some cases):
> access_denied
> account_changed
> adduser
> agentless
> attack
> attacks
> authentication_failed
> authentication_failures
> authentication_success
> automatic_attack
> client_misconfig
> config_changed
> connection_attempt
> dhcp_dns_maintenance
> dhcp_ipv6
> dhcp_lease_action
> dhcp_maintenance
> dhcp_rogue_server
> exploit_attempt
> firewall_drop
> fts
> hostinfo
> ids
> invalid_access
> invalid_login
> invalid_request
> ip_spoof
> login_day
> login_denied
> login_time
> logs_cleared
> low_diskspace
> multiple_drops
> multiple_spam
> new_host
> policy_changed
> process_monitor
> promisc
> recon
> rootcheck
> service_availability
> service_start
> smf-sav
> spam
> sql_injection
> syscheck
> system_error
> system_shutdown
> time_changed
> unknown_resource
> virus
> web_scan
> win_authentication_failed
>
>
> On Mon, Mar 1, 2010 at 11:02 AM, Derek J. Morris
> <[email protected]> wrote:
>> I am excited to check out the Reporting feature just added. I need a list of
>> categories or groups so I can set it up with what I want to report on. Can you
>> make up your own groups or categories too? Where would I add such entries to
>> declare them and then edit my rules appropriately?
>>
>> -Derek Morris
>>
>>
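An added example, not part of the original thread and not OSSEC's own code: since the group list quoted above is described as probably incomplete, this Python script builds the list from a rules file itself, mapping each rule to its groups and each group to the rules that carry it. Apart from rule 100500 from the thread, the sample rules are constructed, and the script assumes the file parses as well-formed XML and that rules inside a `<group name="...">` wrapper also belong to the groups named there.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the style of a rules file; rule 100500 is the one from the thread.
SAMPLE_RULES = """
<group name="local,syslog,">
  <rule id="100500" level="4">
    <decoded_as>named</decoded_as>
    <description>bad zone transfer request</description>
    <match>bad zone transfer request</match>
    <group>sysadmin,</group>
  </rule>
  <rule id="100501" level="5">
    <match>constructed sample match</match>
    <description>constructed sample rule</description>
    <group>sysadmin,authentication_failed,</group>
  </rule>
</group>
"""

def split_groups(text):
    """Split a comma-separated group string, dropping the empty entry a trailing comma leaves."""
    return [g.strip() for g in (text or "").split(",") if g.strip()]

def groups_by_rule(rules_xml):
    """Map rule id -> sorted groups: the wrapper's name= groups plus the rule's own <group>."""
    # A rules file may hold several top-level elements, so wrap them in a single root.
    root = ET.fromstring("<root>" + rules_xml + "</root>")
    result = {}
    for outer in root.iter("group"):
        if "name" not in outer.attrib:
            continue  # a rule's inner <group> element, handled below
        inherited = split_groups(outer.get("name"))
        for rule in outer.findall("rule"):
            own = [g for el in rule.findall("group") for g in split_groups(el.text)]
            result[rule.get("id")] = sorted(set(inherited + own))
    return result

def rules_by_group(rules_xml):
    """Invert the mapping: group -> sorted rule ids, i.e. what a per-group report would cover."""
    index = defaultdict(list)
    for rule_id, groups in groups_by_rule(rules_xml).items():
        for g in groups:
            index[g].append(rule_id)
    return {g: sorted(ids) for g, ids in sorted(index.items())}

if __name__ == "__main__":
    for group, ids in rules_by_group(SAMPLE_RULES).items():
        print(f"{group}: {', '.join(ids)}")
```
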
