Is it possible runIs it possible run two rules on one event? Example: I have windows fileserver and need to create alarm if somebody access specific file.
I created rule in local_rules, but ossec default windows rule is activated first and my rule is ignored. I don't want to remove default ossec windows rule because I need it to alert on other events (like access to server, new user created, etc)? Example: I have windows fileserver and need to create alarm if somebody access specific file. I created rule in local_rules, but ossec default windows rule is activated first and my rule is ignored. I don't want to remove default ossec windows rule because I need it to alert on other events (like access to server, new user created, etc) -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
