I get that when future upgrades will include new ossec_rules.xml files.
My question is, if we want to change the behavior of a rule, when should we use the "overwrite" attribute and when should we create a new child rule?