
[ossec-cvs] ossec-hids: ossec_rules.xml (HEAD) [dcid]



Module name:	ossec-hids
Changes by:	dcid	07/08/28 00:08:14

Modified files:
	ossec_rules.xml

Log message:
Description: Making sure it works with PostgreSQL and adding more error handling (reconnects, etc). Additional ossec rules to alert on file rotation and when a log file has the file reduced.
Reviewed by: dcid
Bug:

Index: ossec_rules.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/rules/ossec_rules.xml,v
diff -u -r1.12 -r1.13
--- ossec_rules.xml	22 Aug 2007 00:39:31 -0000	1.12
+++ ossec_rules.xml	28 Aug 2007 03:08:14 -0000	1.13
@@ -134,7 +134,8 @@
     <description>File added to the system.</description>
     <group>syscheck,</group>
   </rule>
-  
+
+  <!-- Hostinfo rules -->  
   <rule id="580" level="8">
     <category>ossec</category>
     <decoded_as>hostinfo_modified</decoded_as>
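Review bot: The added `<!-- Hostinfo rules -->` line ends in two trailing spaces, so the whitespace-only line this hunk removes is replaced by new trailing whitespace. Strip the trailing spaces so that the section comment is the only change here.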
@@ -148,5 +149,19 @@
     <description>Host information added.</description>
     <group>hostinfo,</group>
   </rule>
+
+
+  <!-- File rotation/reducded rules -->
+  <rule id="591" level="3">
+    <if_sid>500</if_sid>
+    <match>^ossec: File rotated </match>
+    <description>Log file rotated.</description>
+  </rule>
   
+  <rule id="592" level="8">
+    <if_sid>500</if_sid>
+    <match>^ossec: File size reduced</match>
+    <description>Log file size reduced.</description>
+    <group>attacks,</group>
+  </rule>
 </group> <!-- OSSEC -->
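Review bot: Rule 592 raises a level 8 alert in the `attacks` group for every "File size reduced" event, and nothing in the rule or its description says what distinguishes tampering from a log that is truncated in place by ordinary maintenance. Consider expanding the description (for example to say that the reduction may indicate log tampering) and documenting the expected false positives in a comment above the rule. Smaller points in the same hunk: the section comment reads "reducded" where "reduced" is meant; rule 591 has no `<group>` while rule 592 does; and the `<match>` in 591 ends with a trailing space while the one in 592 does not, so it is worth confirming against the emitting messages that both anchors are intentional.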




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.