I wrote a rule in ossec_rules.xml, but it has no effect. Please help. The rules are as follows:

<rule id="554" level="9">
  <category>ossec</category>
  <decoded_as>syscheck_new_entry</decoded_as>
  <description>File added to the system.</description>
  <group>syscheck,</group>
</rule>

<rule id="554" level="9" overwrite="yes">
  <category>ossec</category>
  <decoded_as>syscheck_new_entry</decoded_as>
  <match>^keylog.exe^</match>
  <description>File added to the system.(Intrusion)</description>
  <group>syscheck,</group>
</rule>
