One thing I've noticed is that the .deb packages from Wazuh overwrite
local_rules.xml (they may be uninstalling the old and then installing the
new rather than just processing it as an update; not entirely sure, and it
hasn't been important enough for me to track down because I have the
following workaround). Fortunately, I have been able to get it back from
my rules backup archive.
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
On or about Wed, 31 Aug 2016, Derek Day pontificated thusly:
I am trying to add some rules to my local_rules.xml file, and I've noticed
that after I add the rules and restart the ossec service, after a while, maybe
10-30 minutes or so (I didn't time it), the rule is gone from the
local_rules.xml file. Is this normal behavior? Where did my rules go?
Thanks for any clarification!