Hi all, using OSSEC I found a limitation for the lenghtness of a regexp. So i'm writing my own compiled rule for my pourpose.
This code simply compare the dstuser field with a list of users in a file. I tested my C rule with ossec-logtest and works fine but no match appears at all when events come from agents. Everytime I modify the rule C source i reinstall all, using the install.sh script. Someone has found a similar behaviour? There's a trick to avoid that? Thank you! -- ----------------------------- Pedretti Stefano [email protected] PGP Fingerprint: 5B00129E http://paroledisilicio.wordpress.com Skype : ste.pedro83 mobile: +393292348186 -----------------------------
