Re: [ossec-list] Re: Rule for web access_log not working

dan (ddp) Thu, 15 Apr 2010 03:44:24 -0700

If rule 200004 is your custom rule, it looks like it isn't being applied.
Try adding <if_sid>31151</if_sid> to your rule.


On Wed, Apr 14, 2010 at 3:17 PM, Brian <[email protected]> wrote:
> In the email alert, however, it is being listed as "level 10", which
> is leading me to believe my local rule is just being ignored:
>
> Rule: 31151 fired (level 10) -> "Mutiple web server 400 error codes
> from same source ip."
>
> -Brian
>
>


-- 
To unsubscribe, reply using "remove me" as the subject.

Re: [ossec-list] Re: Rule for web access_log not working

Reply via email to