Hi all, using OSSEC I found a limitation on the length of a regexp. So I'm writing my own compiled rule for my purpose.
This code simply compares the dstuser field with a list of users in a file. I tested my C rule with ossec-logtest and it works fine, but no match appears at all when events come from agents. Every time I modify the rule's C source I reinstall everything, using the install.sh script. Has anyone found a similar behaviour? Is there a trick to avoid that? Thank you!
