Hi,
I wrote a rule like this:
<group name="rsyslog,">
  <rule id="105001" level="0">
    <decoded_as>rsyslog-pstats</decoded_as>
    <extra_data>^0</extra_data>
    <description>rsyslog is right</description>
  </rule>
  <rule id="105002" level="13">
    <decoded_as>rsyslog-pstats</decoded_as>
    <extra_data>^1</extra_data>
    <description>rsyslog is wrong</description>
  </rule>
</group>
But the problem is that if the extra_data value is like "21", it cannot match it.
Thanks & Best Regards
From: root
Date: 2013-03-04 17:08
To: ossec-list
Subject: how can i match nonzero in rules?
Hi,
Now I have matched the "discarded" value in rsyslog-stats. I want to monitor this: if
the value is "0", no alert, and if not, alert on it!
So how can I do that?
Thanks & Best Regards
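
Added example (not part of the thread, and not code from either poster): one way to express "alert unless the value is exactly 0" is to alert on every decoded event and let a level-0 child rule silence the zero case. It assumes, as in the rules above, that the decoder places the discarded counter in extra_data and that the field is matched with OSSEC's simple pattern syntax, where `^` and `$` anchor the start and end of the value; the rule IDs are reused from the post and the descriptions are illustrative.

```xml
<group name="rsyslog,">
  <!-- Parent: every event decoded as rsyslog-pstats alerts by default,
       so any value (1, 21, 300, ...) is covered without listing digits. -->
  <rule id="105001" level="13">
    <decoded_as>rsyslog-pstats</decoded_as>
    <description>rsyslog discarded counter is nonzero</description>
  </rule>

  <!-- Child: evaluated only after 105001 has matched. When the decoded
       value is exactly "0" this rule takes over and, at level 0, no alert
       is generated. The trailing $ keeps values such as "05" from being
       treated as zero. -->
  <rule id="105002" level="0">
    <if_sid>105001</if_sid>
    <extra_data>^0$</extra_data>
    <description>rsyslog discarded counter is zero</description>
  </rule>
</group>
```

A pattern of `^1` only matches values that begin with the character 1, which is why a value such as "21" falls through both original rules. Sample log lines can be pasted into ossec-logtest to confirm which rule fires for "0" and for "21".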