Thanks for answer, for example, rule1 only work host1, host2, host3 and rule2 only work host5, host6, host7 how can I do that?
for example2: maybe you now manage engine eventlog analyzer. It can do. Click to link step 3 (Select Host/Group) https://www.manageengine.com/products/eventlog/help/alerts/create-alert-profile.html On Tuesday, March 27, 2018 at 3:44:52 PM UTC+3, dan (ddpbsd) wrote: > > > > On Tue, Mar 27, 2018, 8:19 AM <handea...@gmail.com <javascript:>> wrote: > >> Hi, >> >> How to generate the rule or decoder specific host/ip. >> >> I'm try rule1 or decoder1 add "<location>ip_address</location>" but is >> not work. >> > > > Yeah, that won't work. Are you trying to match any log with that IP? That > would be hard to do, not sure it's possible. > More information on what you're trying to accomplish might help. > > > -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+...@googlegroups.com <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.