On Thu, Oct 6, 2016 at 5:40 PM, Adiel Navarro <[email protected]> wrote:
> OK, I'm turning logall option
>
> I'm checking the command and it was an error: last 10
> I change for the correct sentence (last -10) and configure the next rule:
>
> <rule id="140126" level="7">
> <if_sid>530</if_sid>
> <match>ossec: output: '/usr/bin/last -10 </match>

The log sample you posted did not have a space after the "10"

> <check_diff />
> <description>Last connections. </description>
> </rule>
>
> But I cannot see the alert on the ossec gui
>

Did the output of the command change?
