On Fri, Jul 8, 2016 at 8:50 AM, Arthur Hidalgo <[email protected]> wrote: > Hi! > > we have a problem with ossec. When we modified the rules in the following > file "local_rules.xml", the modification does not work. Ossec compiles but > the modifications are not taken into account. > Would you know why the rules aren't being modified? >
Did you change the file in /var/ossec/rules/local_rules.xml? AFAIK OSSEC doesn't require a recompile after changing a rule, just a restart. Did you restart the OSSEC processes? Beyond those simple things, we'd need to see the rules and sample log messages to be of any help at all. > regards > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
