Thanks for the 2 replies and I will read the pdf.

On Tuesday, December 16, 2014 4:40:58 PM UTC-6, Brent Morris wrote:
>
> Personally, I wouldn't relegate OSSEC to run the syscheck components only. I would encourage you to keep the rules...
>
> OSSEC is noisy at first... but the goal is simple. Find ways to quiet OSSEC without inhibiting its ability to detect and alert you of malicious activity. That second part of the statement is the key.
>
> http://www.ossec.net/ossec-docs/OSSEC-book-ch4.pdf
>
> There are folks here that can help if you want to configure your ossec to be a little more quiet... and you'll learn a little about Linux in the process. And a little noise is comforting also... I worry when OSSEC is quiet...
>
> On Tuesday, December 16, 2014 7:28:29 AM UTC-8, Jacob W wrote:
>
>> The rules we have right now are generating way too much traffic. My boss has asked that we rem or comment out the rules so we just have the syscheck running.
>>
>> **I am no Linux guru**
>>
>> I went into and made <!-- and finished with --> in each rule line.
>> EXAMPLE - <!-- <include>ms-exchange_rules.xml</include> -->
>>
>> When I restart the ossec-control then run the start I get: OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
>>
>> Thoughts?
>>
>> Thanks!!!
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
