[ossec-list] adding user-defined filters
Hi list, second post.
I tried to add a new filter file in order to set up my own rules.
I copied firewall_rules.xml to user_defined.xml.
I changed the numbers to 9000, 9001 ...
Adding the rules file as last in etc/ossec.conf does not give any error but does not detect anything.
Adding it first fails to start, saying that it cannot find category 3.
Adding it just before firewall_rules works.
RFC are welcome.
Inline is the new file user_defined_rules.xml:
<group name="ids">
  <rule id="9000" level="0">
    <category>firewall</category>
    <description>Firewall rules grouped.</description>
  </rule>
  <rule id="9099" level="10">
    <if_sid>9000</if_sid>
    <regex>DPT=22</regex>
    <description>Someone connected to port 22</description>
  </rule>
</group>
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.
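Added example, not part of the original post and not OSSEC code: a Python check of what the posted `<regex>DPT=22</regex>` matches when it is treated as an unanchored substring match, run over constructed iptables-style log lines. It does not model OSSEC's decoder, the `<category>` test or the `<if_sid>` chain; the tightened pattern `DPT=22\s` assumes the log format puts a space after the port field.

```python
import re
import xml.etree.ElementTree as ET

# The rules file from the post, unchanged.
RULES_XML = """<group name="ids">
<rule id="9000" level="0">
<category>firewall</category>
<description>Firewall rules grouped.</description>
</rule>
<rule id="9099" level="10">
<if_sid>9000</if_sid>
<regex>DPT=22</regex>
<description>Someone connected to port 22</description>
</rule>
</group>"""

# Constructed sample lines (documentation addresses, not from a real host).
PREFIX = "kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40112 "
SAMPLE_LOGS = [
    PREFIX + "DPT=22 WINDOW=5840 SYN",
    PREFIX + "DPT=2222 WINDOW=5840 SYN",
    PREFIX + "DPT=220 WINDOW=5840 SYN",
    PREFIX + "DPT=443 WINDOW=5840 SYN",
]


def load_patterns(xml_text):
    """Return {rule id: regex text} for every rule that carries a <regex>."""
    root = ET.fromstring(xml_text)
    return {
        rule.get("id"): rule.findtext("regex")
        for rule in root.iter("rule")
        if rule.find("regex") is not None
    }


def matching_ports(pattern, logs):
    """Destination ports of the lines in which the pattern matches anywhere."""
    rx = re.compile(pattern)
    port_rx = re.compile(r"DPT=(\d+)")
    return [int(port_rx.search(line).group(1)) for line in logs if rx.search(line)]


if __name__ == "__main__":
    posted = load_patterns(RULES_XML)["9099"]
    tightened = posted + r"\s"  # assumption: a space follows the port number
    print("posted   :", posted, "->", matching_ports(posted, SAMPLE_LOGS))
    print("tightened:", tightened, "->", matching_ports(tightened, SAMPLE_LOGS))
```

With the posted pattern, a level 10 alert described as "port 22" would also fire for ports 2222 and 220 in this sample; the tightened pattern matches port 22 only.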