I have made the following rules in the rule/local_rule.xml in the OSSEC manager. But it seems still cannot delete any file was deleted. How to make it works?
<rule id="553" level="5" overwrite="yes">
<category>ossec</category>
<decoded_as>syscheck_deleted</decoded_as>
<description>File deleted. Unable to retrieve checksum.</description>
<group>syscheck,</group>
</rule>
