The OSSEC book will show you how to write decoders and rules. But to write rules you need logs. Lots of logs. Lots and lots of logs. Then you have to go through by hand, use intelligence with your learnings from the book, and you will be able to write the rules.
On Wednesday, November 14, 2012 12:09:52 PM UTC, Saravana Kumar wrote:
> Dear All,
>
> A total newbie, wanna know how to read IIS logs and generate alerts based
> on events.
> Is there some online material that can help me in writing rules (step by
> step)? Kindly help.
>
> regards
> Shaun
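The reply above says the real work is reading through lots of IIS logs until a pattern worth alerting on emerges. As an added illustration that is not part of the thread and not OSSEC's own code, the script below parses IIS W3C extended-format lines (honouring the `#Fields:` directive rather than hard-coding column positions) and flags any client that produces a burst of 404 responses, the same frequency-within-timeframe idea a HIDS rule would later encode. The log lines are constructed, and the threshold of 5 hits in 60 seconds is an assumed value.

```python
"""Parse IIS W3C extended-format log lines and flag bursts of 404s per client.

Added example for the thread above; the log lines below are constructed,
not taken from any real server. The threshold (5 hits in 60 s) is an
assumption, chosen to mirror the frequency/timeframe style of a HIDS rule.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of an IIS W3C log. A #Fields: directive names the columns
# that follow, so the parser reads it instead of assuming a fixed layout.
# IIS encodes spaces inside values (e.g. User-Agent) as '+', so whitespace
# splitting is safe for the default format.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-11-14 12:00:01 10.0.0.5 GET /index.html - 80 - 192.0.2.10 Mozilla/5.0 200 0 0 15
2012-11-14 12:00:02 10.0.0.5 GET /admin.php - 80 - 192.0.2.20 scanner/1.0 404 0 2 3
2012-11-14 12:00:03 10.0.0.5 GET /wp-login.php - 80 - 192.0.2.20 scanner/1.0 404 0 2 2
2012-11-14 12:00:04 10.0.0.5 GET /phpmyadmin/ - 80 - 192.0.2.20 scanner/1.0 404 0 2 2
2012-11-14 12:00:05 10.0.0.5 GET /cgi-bin/ - 80 - 192.0.2.20 scanner/1.0 404 0 2 2
2012-11-14 12:00:06 10.0.0.5 GET /backup.zip - 80 - 192.0.2.20 scanner/1.0 404 0 2 2
2012-11-14 12:05:00 10.0.0.5 GET /missing.html - 80 - 192.0.2.10 Mozilla/5.0 404 0 2 4
"""


def parse_iis_w3c(text):
    """Yield one dict per request line, keyed by the names in #Fields:."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, #Version, ...)
        if fields is None:
            raise ValueError("log line seen before any #Fields: directive")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed line rather than misalign columns
        yield dict(zip(fields, values))


def find_404_bursts(text, threshold=5, window=timedelta(seconds=60)):
    """Return {c-ip: peak count} for clients with >= threshold 404s inside window."""
    recent = defaultdict(deque)  # c-ip -> timestamps of its recent 404s
    alerts = {}
    for rec in parse_iis_w3c(text):
        if rec["sc-status"] != "404":
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        q = recent[rec["c-ip"]]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[rec["c-ip"]] = max(alerts.get(rec["c-ip"], 0), len(q))
    return alerts


if __name__ == "__main__":
    for ip, n in find_404_bursts(SAMPLE_LOG).items():
        print(f"ALERT: {ip} produced {n} 404s within 60s")
```

Run against the sample, only 192.0.2.20 trips the threshold; the single 404 from 192.0.2.10 stays below it. Once such a pattern is confirmed in real logs, the same fields (client address, status code) and the same count-per-window logic are what get translated into a decoder and rule.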
