On 05/23/2011 08:39 PM, treydock wrote:
> That's fine by me, though use "Trey Dockendorf". Thanks!
> - Trey
Support added here:
https://bitbucket.org/mstarks01/ossec-hids-mstarks/changeset/67e4be778491
It should set up log monitoring on install, but won't actually work the
first time because the active response log file doesn't get generated
until the first response has been initiated; however, a subsequent
restart of OSSEC should pick it up and start monitoring it.
I didn't alert on the rules since that's pretty much OSSEC doing its job
and I want to avoid unnecessary alerts, but of course that can easily be
overridden in local_rules.xml. The rule descriptions have also changed a
bit for brevity and consistency.
Testers and suggestions welcome.