[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Seeking help with custom rule

To: ossec-list <ossec-list@xxxxxxxxxxxxxxxx>
Subject: [ossec-list] Re: Seeking help with custom rule
From: "Peter M. Abraham" <peter.m.abraham@xxxxxxxxx>
Date: Wed, 19 Sep 2007 02:10:37 -0000

Greetings Daniel:

That works; thank you.  A related question.

What if the log was as follows from Apache error_log:

[Tue Sep 18 20:53:47 2007] [error] [client 203.122.241.211] File does
not exist: /hsphere/local/home/april3/mythicalrealm.com/_vti_bin/
shtml.exe/_vti_rpc

And I wanted to key in on

"File does not exist" and "shtml.exe" and "_vti_rpc"

What would the match look like then?

Thank you.

Follow-Ups:
- [ossec-list] Re: Seeking help with custom rule
  - From: Peter M. Abraham
- [ossec-list] Re: Seeking help with custom rule
  - From: Daniel Cid

References:
- [ossec-list] Seeking help with custom rule
  - From: Peter M. Abraham
- [ossec-list] Re: Seeking help with custom rule
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: Problem on email notification
Next by Date: [ossec-list] Re: My own rules
Previous by thread: [ossec-list] Re: Seeking help with custom rule
Next by thread: [ossec-list] Re: Seeking help with custom rule
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.