Hi Tahir,
I didn't test it but it should work:
local_rules.xml:

<rule id="100001" level="14">
  <if_group>syscheck</if_group>
  <description>Increasing the Alert Severity for syscheck</description>
</rule>

In case you need to filter by folders, you could use *match* or *regex*. Check
out the last example in the documentation
<http://ossec-docs.readthedocs.org/en/latest/manual/syscheck/index.html#configuration-examples>.
Regards,
Jesus Linares.
On Tuesday, April 26, 2016 at 7:15:40 PM UTC+2, Tahir Hafiz wrote:
>
> Guys I am staring at this:
>
> <!-- Directories to check (perform all possible verifications) -->
> <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
> <directories check_all="yes">/bin,/sbin</directories>
>
>
> Does anyone know where I can change the default alert level for those
> directories above - I want to modify changes to the above to Alert Level 14?
> Basically, I am hooking OSSEC into Nagios alerting with a shell script but
> I only want to be alerted (hook into Nagios) at Level 14 or above.
>
> Is there a way I can do it in the standard config file:
> /var/ossec/etc/ossec.conf
>
> I would prefer not to modify anything in the rules directory but just have
> any mods in the same place in the standard config file.
>
> Cheers,
> Tahir
>
>
>
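
An added example (not part of the original thread, and untested like the rule in the reply) of the folder filter the reply suggests: the same if_group rule narrowed with match to the directories from the question. The rule id 100002, the group name, and the assumption that syscheck alert text carries the file path in single quotes are assumptions.

```xml
<!-- local_rules.xml: added example, not from the original thread -->
<group name="local,syscheck,">

  <!-- Raise syscheck alerts to level 14 only when the affected file is
       under one of the directories listed in the question. Assumes the
       alert text quotes the path, for example:
       Integrity checksum changed for: '/etc/passwd' -->
  <rule id="100002" level="14">
    <if_group>syscheck</if_group>
    <!-- "|" separates alternatives in an OSSEC match pattern; the leading
         quote keeps '/bin/ from matching inside '/usr/bin/ -->
    <match>'/etc/|'/usr/bin/|'/usr/sbin/|'/bin/|'/sbin/</match>
    <description>Syscheck change under a critical system directory</description>
  </rule>

</group>
```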