[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-dev] Suggested addition to default shipping syslog rules

To: ossec-dev@xxxxxxxxx
Subject: [ossec-dev] Suggested addition to default shipping syslog rules
From: "Jess Bromley" <j.bromley@xxxxxxxxxxxxx>
Date: Fri, 15 Sep 2006 17:34:46 +0100
Organization: University of Bristol


Quick suggestion.  The useradd that ships with SuSE linux sends:

... useradd[123456]: new account added ...

instead of "new user".  It might be a good idea to add a regex for this to  
rule 5902 in the default shipping syslog_rules.xml.  (I know how to do  
this myself, but it seems to me important enough that it should be done  
already in the default install...)

Similarly SuSE reports "account deleted" rather than "user deleted".

I'm not on the list so email me direct if you would like any further info.

J Bromley

Follow-Ups:
- [ossec-dev] Re: Suggested addition to default shipping syslog rules
  - From: Daniel Cid

Prev by Date: [ossec-dev] OSSEC Notification - enigma - Alert level 7
Next by Date: [ossec-dev] Re: Suggested addition to default shipping syslog rules
Previous by thread: [ossec-dev] OSSEC Notification - enigma - Alert level 7
Next by thread: [ossec-dev] Re: Suggested addition to default shipping syslog rules
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.