On 2013-12-26 10:22, 22emitch wrote:
> I was looking through my rule files and I saw this rule and was
> wondering if the numbers between the <id></id> tags are Windows event
> error IDs, since the OSSEC rule ID is already at the top of the rule.
> I am wondering this because with rule 18154 I want to ignore any
> events with Windows event log error:(1111). Thank you ahead of time
> guys!

ID refers to whatever the decoder writer decides it should be. In the
case of Windows, this refers to the Windows event ID.
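
A local rule along the lines discussed above, added here as an example and not part of the original thread. It assumes the rule is placed in `local_rules.xml`; the rule ID 100001, the group name and the description text are constructed for illustration, while 18154 and 1111 come from the question.

```xml
<!-- Added example: child rule that silences Windows event ID 1111
     when it would otherwise fire parent rule 18154. -->
<group name="local,">
  <!-- 100001 is a constructed ID in the range used for local rules. -->
  <rule id="100001" level="0">
    <!-- Only evaluate events that already matched rule 18154. -->
    <if_sid>18154</if_sid>
    <!-- <id> is matched against the ID field extracted by the decoder;
         for Windows event logs that field holds the Windows event ID.
         The anchors keep this from also matching IDs such as 11110. -->
    <id>^1111$</id>
    <description>Ignore Windows event ID 1111 under rule 18154.</description>
  </rule>
</group>
```

Level 0 means a matching event produces no alert; events with any other ID still alert through rule 18154 as before.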