Could you give me an example? Both decode and rule. Vào 23:11:35 UTC+7 Thứ hai, ngày 22 tháng chín năm 2014, dan (ddpbsd) đã viết: > > On Mon, Sep 22, 2014 at 6:53 AM, Bùi Viết Hướng > <[email protected] <javascript:>> wrote: > > I can't create rules with parameters such as user name, IP source, > program > > name(ssh, ...)......, and then can change the parameters and create a > new > > rule. Could anyone tell me the way? > > > > Some of these things work, some don't. It mostly depends on the > decoder. Some actual examples would help, but as it stands this > message has almost no information that I'd need to really help. > > For srcip you can use: <srcip>IP_ADDRESS</srcip> > For user you can use: <user>USERNAME</user> > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. >
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
