On Sep 28, 2017 2:54 PM, "Kris Springer" <[email protected]> wrote:
So I found a file called *msauth_rules.xml* on my *Ossec Server*, which has many rules in there regarding windows logins. The log level is set to 0 on the rules I want enabled. What does each log level represent? I've browsed the Ossec online manual and I'm not seeing a list of log level definitions. Can someone please provide a list? https://github.com/ossec/ossec-hids/blob/master/doc/rules.txt This is a general guideline. Can someone also please confirm that to accomplish my goal I just need to edit each rule level that I want to flag, and that the files I'm editing live on the Ossec server, not the agents (clients)? As always, the agents do not have a copy of the rules. They're unnecessary on the agents. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
