On Tue, Jan 27, 2015 at 10:58 AM, Johnatan Camargo
<[email protected]> wrote:
> Hello!
> I am starting studies with OSSEC. I am in doubt as to how it monitors
> OfficeScan malware alerts.
>
>
> I found that there is a rule 'trend-osce-rules.xml'. What do I need to do to
> match this rule and generate detection logs?
> Both the OSSEC agent and the OfficeScan client are running on the same
> machine.
>

Is OSSEC seeing the log messages from OfficeScan? You can turn the log
all option on in the manager's ossec.conf. This also gives you samples
if the log messages are being seen. Using the log samples and
ossec-logtest, writing rules is generally a breeze.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
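
An added example, not part of the original thread: once the log-all option is on, the manager's archive log holds every received event, and the raw messages from one agent and one monitored file can be cut out as samples for ossec-logtest. It assumes the archive line layout shown in the first comment; the agent name `ws01`, the log path and the sample lines are constructed and do not reproduce the real OfficeScan log format.

```shell
#!/bin/sh
# Added example. Assumed archives.log layout (one event per line):
#   YYYY Mon DD HH:MM:SS (agent) ip->location raw-message
# The location may contain spaces (Windows paths), so it is matched as a
# fixed string instead of splitting the line on whitespace.

# ossec_samples FILE AGENT LOCATION
# Prints only the raw message of events from AGENT that were read from LOCATION.
ossec_samples() {
    # Values go through the environment: awk -v would interpret the
    # backslashes of a Windows path as escape sequences.
    OSSEC_AGENT="$2" OSSEC_LOC="$3" awk '
    BEGIN {
        tag = "(" ENVIRON["OSSEC_AGENT"] ") "
        loc = "->" ENVIRON["OSSEC_LOC"] " "
    }
    {
        a = index($0, tag)
        if (a == 0) next                      # event from another agent
        rest = substr($0, a + length(tag))    # "ip->location message"
        b = index(rest, loc)
        if (b == 0) next                      # event from another log source
        if (index(substr(rest, 1, b - 1), " ") > 0) next  # match was not in the header
        print substr(rest, b + length(loc))
    }' "$1"
}

# Constructed sample data: agent names, addresses, path and messages are made up.
demo_samples() {
    ossec_samples - ws01 'C:\Sample Logs\officescan.log' <<'EOF'
2015 Jan 27 10:58:01 (ws01) 192.0.2.10->C:\Sample Logs\officescan.log CONSTRUCTED virus-log line one
2015 Jan 27 10:58:02 (ws01) 192.0.2.10->WinEvtLog unrelated event
2015 Jan 27 10:58:03 (ws02) 192.0.2.11->C:\Sample Logs\officescan.log other agent
2015 Jan 27 10:58:05 (ws01) 192.0.2.10->C:\Sample Logs\officescan.log CONSTRUCTED virus-log line two
EOF
}

# Real use on the manager (default install paths), with AGENT and LOCATION
# replaced by the agent name and the monitored file:
#   ossec_samples /var/ossec/logs/archives/archives.log AGENT 'LOCATION' \
#       | /var/ossec/bin/ossec-logtest
demo_samples
```

If the function prints nothing for the agent, the manager is not receiving the OfficeScan log at all, and the agent's monitored-file configuration is the thing to check before any rule.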
