Personally, I wouldn't relegate OSSEC to run the syscheck components only. I would encourage you to keep the rules...
OSSEC is noisy at first... but the goal is simple. Find ways to quiet OSSEC without inhibiting its ability to detect and alert you of malicious activity. That second part of the statement is the key.

http://www.ossec.net/ossec-docs/OSSEC-book-ch4.pdf

There are folks here that can help if you want to configure your ossec to be a little more quiet... and you'll learn a little about Linux in the process.

And a little noise is comforting also... I worry when OSSEC is quiet...

On Tuesday, December 16, 2014 7:28:29 AM UTC-8, Jacob W wrote:
> The rules we have right now are generating way too much traffic. My boss
> has asked that we rem or comment out the rules so we just have the syscheck
> running.
>
> **I am no Linux guru**
>
> I went into and made <!-- and finished with --> in each rule line.
> EXAMPLE - <!-- <include>ms-exchange_rules.xml</include> -->
>
> When I restart the ossec-control then run the start I get: OSSEC
> analysisd: Testing rules failed. Configuration error. Exiting.
>
> Thoughts?
>
> Thanks!!!
