[ossec-list] My own rules
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] My own rules
- From: Dan <securitydan@xxxxxxxxx>
- Date: Tue, 18 Sep 2007 16:22:41 +0200
Hi Ossec-List
I need to configure my own rules. I need to check a special log file
and I also need to write some rules for a special syslog message.
How can I write these two rules in the best way, and in which XML file
do I have to integrate it?
My idea was that I create my own rules XML file for the special
logfile and insert the special syslog rules in the local_rules.xml.
Is that the right way, or does anybody have a better idea?
Regards,
Daniel
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.