[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] What is the best way to preserve the excluded rules in ossec.conf

To: ossec-list <ossec-list@xxxxxxxxxxxxxxxx>
Subject: [ossec-list] What is the best way to preserve the excluded rules in ossec.conf
From: "Peter M. Abraham" <peter.m.abraham@xxxxxxxxx>
Date: Thu, 09 Aug 2007 14:56:13 -0000

Greetings:

This morning I upgraded our ossec server (we use the client/agent
server approach) from 1.2 to 1.3.

Since we are still in the testing phase of ossec, and I was not sure
what rules were updated, I did answer "yes" to upgrade, but also "yes"
to install new rules.

I found that while most of /var/ossec/etc/ossec.conf was preserved,
the rules I had previously commented out where now uncommented.

Is there a "best practice" way of excluding rules from being processed
that can be preserved across updates?  If so, how?

Thank you.

Follow-Ups:
- [ossec-list] Re: What is the best way to preserve the excluded rules in ossec.conf
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: OSSEC 1.3 starting on AIX 5.3
Next by Date: [ossec-list] Re: Replaying old logs
Previous by thread: [ossec-list] Re: What is the best way to modify included rules for alert levels
Next by thread: [ossec-list] Re: What is the best way to preserve the excluded rules in ossec.conf
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.