The rule chapter of the OSSEC book is online here: http://www.ossec.net/ossec-docs/OSSEC-book-ch4.pdf
It should help you build a good rule set. Scott On Nov 14, 2012, at 4:30 AM, Tho Trinh Truong <[email protected]> wrote: > > >>> My system is 1 server ossec and many client mode agents(mode agents can >>> install in linux and windows) >>> Now i want to create ossec rule. When agents are installed some applicated >>> softwares.Immediately, agents will send warnings to server.can you help me?
