Hi,
I have installed the OSSEC agent on several operating systems:
Windows, Linux, FreeBSD, etc. Now I want email alerts sent to me
when the system administrator logs in to the system. Under Linux
or FreeBSD I can add the option in sshd_rules.xml, like this:
<rule id="5715" level="3">
  <if_sid>5700</if_sid>
  <options>alert_by_email</options>
  <match>^Accepted|authenticated.$</match>
  <description>SSHD authentication success.</description>
  <group>authentication_success,</group>
</rule>
But how can I do this on Windows, and ignore cases where the src ip is null?