Yes, only 1 entry is returned:

grep "rule id=\"1002\"" /var/ossec/rules/*.xml
/var/ossec/rules/syslog_rules.xml: <rule id="1002" level="2">

Scott

On Apr 18, 2012, at 1:08 PM, Christopher Moraes wrote:

> Since you mentioned this -
>
> On Mon, Apr 16, 2012 at 11:59 AM, sklauminzer <[email protected]> wrote:
> This is happening with all syslog_rules.xml modifications, but
> msauth_rules.xml mods *are* working.
>
>
> Is it possible that there is a copy of your syslog-rules.xml file that is
> triggering the rule 1002?
>
> If you grep "rule id=\"1002\"" /var/ossec/rules/*.xml
>
> do you have only one entry, as below?
> syslog_rules.xml: <rule id="1002" level="2">
>
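The duplicate-definition check from the exchange above, generalized from rule 1002 to every rule id in the directory, as an added example that is not part of the original thread. The function name and demo file names are made up for illustration; overwrite="yes" is OSSEC's attribute for an intentional redefinition and is not mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report rule ids defined more than once.

# dup_rule_ids DIR -> one line per duplicated id: "ID: file:line file:line ..."
# Definitions carrying overwrite="yes" are flagged, since those are intentional.
dup_rule_ids() {
    dir=${1:-/var/ossec/rules}   # default is the directory used in the thread
    awk '
        match($0, /<rule id="[0-9]+"/) {
            id  = substr($0, RSTART + 10, RLENGTH - 11)   # digits between the quotes
            tag = ($0 ~ /overwrite="yes"/) ? "(overwrite)" : ""
            where[id] = where[id] " " FILENAME ":" FNR tag
            count[id]++
        }
        END {
            for (id in count)
                if (count[id] > 1) print id ":" where[id]
        }
    ' "$dir"/*.xml | sort -n
}

# Constructed sample: a stray copy redefines rule 1002 (file names are made up).
demo() {
    d=$(mktemp -d)
    printf '<rule id="1001" level="0">\n</rule>\n<rule id="1002" level="2">\n</rule>\n' > "$d/syslog_rules.xml"
    printf '<rule id="1002" level="7">\n</rule>\n' > "$d/backup_syslog_rules.xml"
    dup_rule_ids "$d"
    rm -rf "$d"
}
demo
```

No output for the real rules directory means every id has a single definition, which matches the single grep hit reported above.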
