Hello List,

My first time writing to this list. I have OSSEC running on Ubuntu 10.4 and have Windows client machines. There is not much on the website regarding rules, so I purchased the OSSEC book. But I am still confused about how to custom write rules to monitor specific directories.

Let's say I wanted to monitor the C:\Test_TPS folder and the files within this directory on the Windows machine. What would I have to do in order to make sure that the client is configured for this and the server is also monitoring this directory for any changes and integrity?

If anyone can elaborate a little bit on this I would highly appreciate it. FYI, I am a *nix newbie.

Thanks a lot in advance.

--
Best Regards,
Aamir Niazi
