Hello,
use Ossec version 2.9.4
Iwant to define interval filter in ossec windows client?
For example like this events between 4700 (including) and 4705 (including)
<localfile>
<location>Security</location>
<log_format>eventchannel</log_format>
<query>Event/System[EventID \>=4700 and EventID \<=4705]</query>
</localfile>
I would like to difene a interval, But, I get an error when I use this
query:
<query>Event/System[*EventID>=4700 and EventID<=4705*]</query>
ERROR: Error reading XML file 'ossec.conf': XMLERR: Element '=4705]</query'
not closed. (line 31).
Thanks for help
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
