You need to add it to local_rules.xml

On Mon, Aug 27, 2012 at 5:15 AM, JJ Yu <[email protected]> wrote:
> I wrote a rule in ossec_rules.xml, but it has no effect. Please help~~~
> as:
> <rule id="554" level="9">
>     <category>ossec</category>
>     <decoded_as>syscheck_new_entry</decoded_as>
>     <description>File added to the system.</description>
>     <group>syscheck,</group>
> </rule>
>
> <rule id="554" level="9" overwrite="yes">
>     <category>ossec</category>
>     <decoded_as>syscheck_new_entry</decoded_as>
>     <match>^keylog.exe^</match>
>     <description>File added to the system.(Intrusion)</description>
>     <group>syscheck,</group>
> </rule>

--
MVH/With regards
Frank
--
Name: Frank Stefan Sundberg Solli
E-mail: [email protected]
Web: http://0x41.me
GPG: 684119F4
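
Added example, not part of the original messages: one way to apply the advice above is to leave ossec_rules.xml untouched and add a child rule of 554 to local_rules.xml. The rule id 100554, the plain substring pattern and the default install path are assumptions made for this illustration.

```xml
<!-- /var/ossec/rules/local_rules.xml (default install path assumed) -->
<!-- Local rules live in this file so that an upgrade, which replaces the
     stock rule files such as ossec_rules.xml, does not discard them. -->
<group name="local,syscheck,">

  <!-- Child of stock rule 554 ("File added to the system.").
       Rule 554 itself stays as shipped; this rule is evaluated only for
       events that 554 already matched, and raises the alert level when
       the new file's path contains the pattern.
       id 100554 is a constructed value taken from the range used for
       local rules; the <match> pattern is an assumed plain substring.
       Assumes new-file alerting is enabled in the syscheck section of
       ossec.conf (<alert_new_files>yes</alert_new_files>). -->
  <rule id="100554" level="9">
    <if_sid>554</if_sid>
    <match>keylog.exe</match>
    <description>File added to the system.(Intrusion)</description>
    <group>syscheck,</group>
  </rule>

</group>
```

Rules are read at startup, so OSSEC has to be restarted after the file is edited; ossec-logtest can be used to confirm which rule an event hits.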
