[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Rule ID explanation

To: ossec-list <ossec-list@xxxxxxxxxxxxxxxx>
Subject: [ossec-list] Rule ID explanation
From: FastZ <matt.swint@xxxxxxxxx>
Date: Thu, 09 Aug 2007 16:24:01 -0000

Folks,
I am running the latest version of OSSEC HIDS and I installed the Web
UI for ease of use.  On the main page of the WUI, under "Latest
Events", I am getting updates of what's going on on the machine being
watched.  Beside each event is a "Rule ID: xxx", with the rule number
hyperlinked.  The URL that the link takes me to is a wiki that is
supposed to be on that machine, which there isn't one.  Where can I
find out details about each rule ID?

For example:  "2007 Aug 09 11:16:59 Rule Id: 1002 level: 7"

the "1002" is hyperlinked but takes me to a non-existent wiki page on
the machine, http://xxx.xxx.xxx/wiki/rules/1002.  I looked on the
OSSEC wiki site for something about "rule" but couldn't find
anything.  Am I looking in the wrong place or what?

Thanks for the help.
FastZ

Follow-Ups:
- [ossec-list] Re: Rule ID explanation
  - From: Noel Sanchez

Prev by Date: [ossec-list] Re: Replaying old logs
Next by Date: [ossec-list] ossec 1.3 on Solaris 7 ... destination address required
Previous by thread: [ossec-list] Re: What is the best way to preserve the excluded rules in ossec.conf
Next by thread: [ossec-list] Re: Rule ID explanation
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.