Hi Michael and Dan,

To Michael's question - yes - I did mention I have overwrite="yes" and still got the errors.

To Dan -- I did get the "book" and saw how there is another way as you mention - creating the new rule, with the if_sid and then changing that to "0", but the book also mentioned just changing the level to "0", however, I do understand the book was written back in the 1.x days. I am using the tarball directly from ossec.net download.

I will try some more experimentation and see what I can come up with and perhaps post examples. Of course, my luck, if I do it again, it will all just magically "work" - but we will see I guess.

~J
