I would like to treat one Rule violation different from the rest. I'll duplicate the scripts for firewall drop under a different name and add commands in ossec.conf for the new script.
Instead of Level 7 or above triggering the command, I'd like to have a specific postfix rule be the trigger. What would the tags be for this? Instead of <level></level> can I use something else? I want to make the firewall drop permanent for Rule: 3302. Thanks, Eric -- Subscription settings: http://groups.google.com/group/ossec-list/subscribe?hl=en
