[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Seeking help with custom rule

To: ossec-list <ossec-list@xxxxxxxxxxxxxxxx>
Subject: [ossec-list] Seeking help with custom rule
From: "Peter M. Abraham" <peter.m.abraham@xxxxxxxxx>
Date: Wed, 19 Sep 2007 00:56:04 -0000

Greetings:

Apache error_log entry:

[Tue Sep 18 19:04:59 2007] [error] [client 195.244.128.240] Invalid
URI in request GET /../_vti_bin/shtml.exe/SI/contest.htm/map HTTP/1.1


How would I write the match portion of the rule to just key in on
"Invalid URI" and "shtml.exe"?

Thank you.

Follow-Ups:
- [ossec-list] Re: Seeking help with custom rule
  - From: Daniel Cid

Prev by Date: [ossec-list] ossec2mysql
Next by Date: [ossec-list] Re: Seeking help with custom rule
Previous by thread: [ossec-list] ossec2mysql
Next by thread: [ossec-list] Re: Seeking help with custom rule
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.