Re: [ossec-list] Re: important questions on CDB lists

2016-12-09 Thread Jesus Linares
Hi Omar,

if you don't mind, please share your decoders, rules and CDB list and I can test it in my lab. Thanks.

On Wednesday, December 7, 2016 at 9:01:18 PM UTC+1, Omar M wrote:
> Hi Dan,
> Thanks for the quick response.
>
> The objective is to create a rule that will trigger if a restricted

Re: [ossec-list] Re: important questions on CDB lists

2016-12-07 Thread Omar M
Hi Dan,

Thanks for the quick response.

The objective is to create a rule that will trigger if a restricted package is installed on the system. This is what I've done so far:

1. Created a custom decoder for Yum. This works fine. The logs are decoded properly and the name of the package

Re: [ossec-list] Re: important questions on CDB lists

2016-12-07 Thread dan (ddp)
On Wed, Dec 7, 2016 at 12:39 PM, Omar M wrote:
> Did anyone find a solution to this problem?
>
> I've compiled the CDB and created the rules but cannot seem to get the
> lookup to work
>

I'd really need more information than this to help you.

[ossec-list] Re: important questions on CDB lists

2016-12-07 Thread Omar M
Did anyone find a solution to this problem?

I've compiled the CDB and created the rules but cannot seem to get the lookup to work

On Friday, March 18, 2016 at 3:42:50 PM UTC-4, theresa mic-snare wrote:
> ehlo *,
>
> I have an important question about CDB lists, as I'm just researching for
>