> > We already have a rule for this, but it looks like maybe there is > another event log ID which needs to be added. Try this: > > <rule id="18147" level="5" overwrite="yes"> > <if_sid>18101</if_sid> > <id>^11707$|^1035$</id> > <options>alert_by_email</options> > <description>Application Installed.</description> > </rule> > > Thank Michael Starks > >
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
