yes, i change and all rules are loaded when ossec is started miercuri, 23 decembrie 2015, 16:58:18 UTC+2, dan (ddpbsd) a scris: > > On Wed, Dec 23, 2015 at 9:49 AM, Maxim Surdu <[email protected] > <javascript:>> wrote: > > This rule is locate in /var/ossec/rules/policy_rules.xml > > > > Is policy_rules.xml loaded in your ossec.conf? Generally that entry is > commented out in a default installation. > > > > > miercuri, 23 decembrie 2015, 16:39:18 UTC+2, Maxim Surdu a scris: > >> > >> yes i want for a specific mail, but i not recieve mail form this alert > >> > >> miercuri, 23 decembrie 2015, 15:39:52 UTC+2, Maxim Surdu a scris: > >>> > >>> Hi everyone, > >>> > >>> I am new in Ossec, i installed Virtual Appliance of ossec, all is > working > >>> fine, can i do to ossec mail me for specific rule? > >>> for example for this rule > >>> > >>> > >>> <group name="policy_violation,"> > >>> <rule id="17101" level="9"> > >>> <if_group>authentication_success</if_group> > >>> <time>06:00 pm - 09:00 am</time> > >>> <description>Successful login during non-business > >>> hours.</description> > >>> <group>login_time,</group> > >>> </rule> > >>> > >>> > >>> > >>> Any help would be greatly appreciated > >>> > >>> Thanks, > >>> Maxim > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. >
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
