On 08.10.2013 08:06, dan (ddp) wrote:
On Tue, Oct 8, 2013 at 8:55 AM, Réz András <[email protected]>
wrote:
Dear Community,
i am a fresh ossec user, and I would like to apply specific rules to
specific log files.
So, in this example, i have 4 rule, and 4 log files.
My goal is, the rule1 only apply to 1.log, rule2 only apply to
2.log, ...
I see manual, but not find the assignment oiptios in config file.
I hope my question is understandable.
There are no options to limit a rule to a specific log file.
I was actually thinking about this yesterday and I think I remember
that the <hostname> element will also match on the log source (e.g.
/var/log/messages). It's worth a shot.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
