Sending Apache log files to OSSEC server from various client systems and want to extract non authorized HTTP requests such as CONNECT and PUT, e.g. will allow GET and POST only.
How can I write a customer rule to extract this request as all attempts to use <url> only seem to capture the path and not the HTTP request?
