No, the rule is not commented. Meanwhile, I delete the --> sign...
-----Mensaje original----- De: [email protected] [mailto:[email protected]] En nombre de dan (ddp) Enviado el: miércoles, 05 de octubre de 2016 09:25 a.m. Para: [email protected] Asunto: Re: [ossec-list] last -10 On Wed, Oct 5, 2016 at 10:15 AM, Adiel Navarro <[email protected]> wrote: > Sure, > I configured the next rule in local_rules.xml on the ossec server: > > <rule id="140126" level="7"> > <if_sid>530</if_sid> > <match>ossec: output: 'last -10 </match> > <check_diff /> > <description>Last connections. </description> </rule> --> > The "-->" marks the end of a comment. Could you possibly have the rule currently commented out? > > L.I. Adiel Jesús Navarro Rosado > Analista OyM Seguridad Operativa > A: [email protected] > '. Ext. 5179 > È: 5510101509 > > > -----Mensaje original----- > De: [email protected] [mailto:[email protected]] > En nombre de dan (ddp) Enviado el: miércoles, 05 de octubre de 2016 06:22 a.m. > Para: [email protected] > Asunto: Re: [ossec-list] last -10 > > On Tue, Oct 4, 2016 at 6:21 PM, Aj Navarro <[email protected]> wrote: >> i want to monitoring the last connections on a server. >> >> I configuring last -10 command on a ossec.conf client >> >> <localfile> >> <log_format>full_command</log_format> >> <command>last 10</command> >> <frequency>60</frequency> >> </localfile> >> I need that the output of this command will send to the ossec server, >> but I not watching any alert on the ossec wui. >> >> can i need to configure anything else on the client or on the ossec server? >> >> > > Did you create a rule to look for the information coming from the command? > >> >> >> >> -- >> >> --- >> You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
