On Feb 22, 2016 10:22 AM, "thak" <tha.kel...@gmail.com> wrote:
>
> What's the best way to get a list of the rules, ideally by rule # and short descriptive name (e.g., like the alerts..."Rule: 5403 fired (level 4) -> "First time user executed sudo."). I need a list to update some security and compliance documentation prior to an upcoming audit.
>
All of the rules are available in the /var/ossec/rules directory. I don't think it would be too difficult to write a script to grab the names and ids.
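One way to write the script suggested in the reply, as an added example that is not part of the original thread or of OSSEC's own tooling. It assumes the rule files use `<rule id="..." level="...">` elements with a `<description>` child; the function names and the sample rule text are constructed for illustration.

```python
import glob
import os
import re
import sys

# OSSEC rule files hold several top-level <group> elements and <var> lines, so
# they are not well-formed XML documents; a tolerant regex scan is used instead.
RULE_RE = re.compile(r"<rule\s+([^>]*)>(.*?)</rule>", re.DOTALL)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
DESC_RE = re.compile(r"<description>(.*?)</description>", re.DOTALL)
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)


def extract_rules(text):
    """Return a list of (id, level, description) from one rule file's text."""
    rules = []
    text = COMMENT_RE.sub("", text)  # skip rules that are commented out
    for attrs, body in RULE_RE.findall(text):
        attr = dict(ATTR_RE.findall(attrs))
        if not attr.get("id", "").isdigit():
            continue
        desc = DESC_RE.search(body)
        # A rule may lack <description>; report that explicitly for the audit list.
        summary = " ".join(desc.group(1).split()) if desc else "(no description)"
        rules.append((int(attr["id"]), attr.get("level", "?"), summary))
    return rules


def list_rules(rules_dir):
    """Collect rules from every *.xml file in rules_dir, sorted by rule id."""
    found = []
    for path in sorted(glob.glob(os.path.join(rules_dir, "*.xml"))):
        with open(path, encoding="utf-8", errors="replace") as fh:
            found.extend(extract_rules(fh.read()))
    return sorted(found)


# Constructed sample in the rule-file format, kept for a quick self-check.
SAMPLE = """<group name="syslog,sudo">
  <rule id="5403" level="4">
    <if_sid>5400</if_sid>
    <description>First time user executed sudo.</description>
  </rule>
</group>"""

if __name__ == "__main__":
    directory = sys.argv[1] if len(sys.argv) > 1 else "/var/ossec/rules"
    for rule_id, level, desc in list_rules(directory):
        print(f"{rule_id}\t{level}\t{desc}")
```

Run as a script, it prints one tab-separated line per rule (id, level, description), which can be pasted into the compliance documentation or diffed between audits to spot rule changes.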