Re: [ossec-list] Error reading XML file 'rules//local_rules.xml': XMLERR: String overflow. (line 89)

Hi, yes, a cdb list is what you need. 1. Create the list: /var/ossec/lists/allow_users.txt $ cat allow_users jesuslinares: maxim: 2. Add the file to ossec.conf: lists/allow_users 3. Compile the list $ /var/ossec/bin/ossec-makelists 4. Use in your rules: lists/allow_users Example:

Re: [ossec-list] Error reading XML file 'rules//local_rules.xml': XMLERR: String overflow. (line 89)

On Mar 3, 2016 6:30 AM, "Maxim Surdu" wrote: > > is it a solution but can i create a list and a rule to read all my list from the file, or something like this because now i have 300 clinets but it can be more and it will not working more. > If that username isdecoded into a

Re: [ossec-list] Error reading XML file 'rules//local_rules.xml': XMLERR: String overflow. (line 89)

is it a solution but can i create a list and a rule to read all my list from the file, or something like this because now i have 300 clinets but it can be more and it will not working more. thanks for your responsiveness joi, 3 martie 2016, 12:13:36 UTC+2, dan (ddpbsd) a scris: > > > On Mar 3,

Re: [ossec-list] Error reading XML file 'rules//local_rules.xml': XMLERR: String overflow. (line 89)

On Mar 3, 2016 4:18 AM, "Maxim Surdu" wrote: > > Hi dear community, > > i install and configure about 10 agents, and of course i have a lot of users,a part of this users are ftp Clients > > in policy-rules.xml > > i have next rules > > > > authentication_success >

[ossec-list] Error reading XML file 'rules//local_rules.xml': XMLERR: String overflow. (line 89)

Hi dear community, i install and configure about 10 agents, and of course i have a lot of users,a part of this users are ftp Clients in policy-rules.xml i have next rules authentication_success 4 pm - 7 am Successful login during non-business hours. login_time,