[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] What is the best way to modify included rules for alert levels

To: ossec-list <ossec-list@xxxxxxxxxxxxxxxx>
Subject: [ossec-list] What is the best way to modify included rules for alert levels
From: "Peter M. Abraham" <peter.m.abraham@xxxxxxxxx>
Date: Thu, 09 Aug 2007 14:54:06 -0000

Greetings:

What is the best way to modify the included ossec rules to change the
alert levels so those changes will be preserved come upgrade time?

If I copy the rule set to local_rules.xml, then do rules in
local_rules.xml that have the exact same rule id as another file (say
apache_rules.xml) override apache_rules.xml for the given rule in
question?

Thank you.

Follow-Ups:
- [ossec-list] Re: What is the best way to modify included rules for alert levels
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: Monitoring Cisco network devices using OSSEC HIDS
Next by Date: [ossec-list] Re: OSSEC 1.3 starting on AIX 5.3
Previous by thread: [ossec-list] ossec 1.2 and 1.3 problems handling Window servers with multiple IP addresses
Next by thread: [ossec-list] Re: What is the best way to modify included rules for alert levels
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.