Hi Jason, On Mon, Jun 27, 2011 at 2:48 PM, Jason 'XenoPhage' Frisvold <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi all, > > I'd like to see the online docs updated to make this more clear. Can > someone please verify my understanding (original from > http://www.ossec.net/doc/syntax/head_rules.html#options) : > > group.rule.if_sid > Matches if the ID has matched once. > Allowed: Any rule id > > group.rule.if_matched_sid > Matches if the ID has matched multiple times. Used for composite rules. > Allowed: Any rule id >
These always confuse me. I'll look into it. :) > If this is correct, who do I need to contact to get the online docs > updated? Or maybe the online docs should all be moved to the wiki so > the community can update it? > Wikis suck. The current documentation can be found at https://bitbucket.org/ddpbsd/ossec-rules It's done in sphinx (with help from paver). Someone else started it, and I don't have a good grasp on how to do anything fancy with it. But I can definitely update the above. Feel free to fork it, modify it, etc. And/or create issues on bitbucket for me. dan > - -- > - --------------------------- > Jason 'XenoPhage' Frisvold > [email protected] > - --------------------------- > "Any sufficiently advanced magic is indistinguishable from technology." > - - Niven's Inverse of Clarke's Third Law > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.17 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk4I0JIACgkQ8CjzPZyTUTQ0KQCeNrV4+Z30ivqj40GbWkdsB27y > RWUAmQFvpQBuhS0WFImE0LOYIYyZnHFv > =2EZS > -----END PGP SIGNATURE----- >
