Hi, Can someone help me on an issue? Recently, I modified the local_rules.xml file and removed some rules we created before. Then I restarted the OSSEC service. I checked the ossec.log file, it seems that the rule file local_rules.xml was loaded. But I just found that the old rules we removed are still in effect. Is it possible that OSSEC cached the local_rules.xml somewhere and use it even if I update the version under /var/ossec/rules? If so, how can I clear the cached file and make OSSEC to use the updated version? Or, is there anything I can check to troubleshoot this issue. Thanks in advance.
Best regards, Endy Tang
