You mean adding those logical "if" to every rule in the OSSEC DB ?
sounds a bit extreme to me . as we are talking about almost 1400 rules.
Assaf
Dave S wrote:
Assaf,
You can add <srcip> or <hostname> tags to any rule to limit which
hosts a rule applies to.
To unsubscribe from this group, send email to ossec-list+unsubscribegooglegroups.com or
reply to this email with the words "REMOVE ME" as the subject.
--
Assaf Flatto
Linux System Administrator
No.9 | 6 Portal Way | London | W3 6RU |
T: +44 (0)20 8896 8405 | M: +44 (0)75 3568 1067
-----------------------------------------------------------------------------------------------------------------------------------------
LOVEFiLM UK Limited is a company registered in England and Wales.
Registered Number: 06528297.
Registered Office: No.9, 6 Portal Way, London W3 6RU, United Kingdom.
This e-mail is confidential to the ordinary user of the e-mail address to which it was addressed. If you have received it in error,
please delete it from your system and notify the sender immediately.
This email message has been delivered safely and archived online by Mimecast.
For more information please visit http://www.mimecast.co.uk
-----------------------------------------------------------------------------------------------------------------------------------------
To unsubscribe from this group, send email to ossec-list+unsubscribegooglegroups.com or
reply to this email with the words "REMOVE ME" as the subject.
