On Mon, Oct 22, 2018 at 9:44 AM 김정철 <kjc6...@gmail.com> wrote:
>
> There are many questions about using ossec.
> If I send a log of an arbitrary application to syslog in ossec, how do I
> create such an alert level in ossec?
>
> For example, if the famous open source such as clamav related plug-in? I am
> wondering how to create an alert level in conjunction with ossec.
>
Rough overview: Use ossec-logtest to see how the log message is decoded, and if it creates an alert. Add a decoder to decoder.xml if necessary, and rules to local_rules.xml.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
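The three steps in the reply (check with ossec-logtest, add a decoder, add rules) worked through for the ClamAV case the question asks about. This is an added example, not code from the reply author or from the OSSEC or ClamAV projects. The syslog line it decodes is constructed (clamd reporting a file that matched a signature), the rule IDs 100100-100102 are chosen from the range OSSEC reserves for local rules, and the levels are illustrative choices; the default file locations are /var/ossec/etc/decoder.xml and /var/ossec/rules/local_rules.xml.

```xml
<!-- Constructed sample line to feed to /var/ossec/bin/ossec-logtest:
     Oct 22 09:44:00 host clamd[1234]: /tmp/eicar.com: Eicar-Test-Signature FOUND
     The built-in syslog decoder extracts program_name "clamd"; the decoders
     below pick up the rest. -->

<!-- Append to decoder.xml -->
<decoder name="clamd">
  <program_name>^clamd</program_name>
</decoder>

<!-- Child decoder: runs only when the parent matched; OSSEC regex syntax
     (\S = non-space, \. = any character). Captures go into url (the file path)
     and extra_data (the signature name) so they appear in the alert. -->
<decoder name="clamd-found">
  <parent>clamd</parent>
  <regex offset="after_parent">^(\S+): (\.+) FOUND$</regex>
  <order>url, extra_data</order>
</decoder>

<!-- Append to local_rules.xml; local rule IDs must be 100000-119999 -->
<group name="local,syslog,clamd,">

  <!-- Level 0: catch every clamd line so the specific rules can chain from it
       without generating alerts for routine messages (version updates etc.) -->
  <rule id="100100" level="0">
    <decoded_as>clamd</decoded_as>
    <description>ClamAV messages grouped.</description>
  </rule>

  <!-- Level 10 (assumed severity): a single detection is worth an alert -->
  <rule id="100101" level="10">
    <if_sid>100100</if_sid>
    <match>FOUND</match>
    <description>ClamAV: malware signature found in file.</description>
  </rule>

  <!-- Level 12: escalate when 5 detections occur within 120 seconds -->
  <rule id="100102" level="12" frequency="5" timeframe="120">
    <if_matched_sid>100101</if_matched_sid>
    <description>ClamAV: multiple infected files detected in a short time.</description>
  </rule>

</group>
```

After editing the two files, run /var/ossec/bin/ossec-logtest, paste the sample line, and confirm phase 2 shows the clamd-found decoder with url and extra_data populated and phase 3 shows rule 100101 at level 10; then restart OSSEC so the new decoder and rules are loaded. The level-0 grouping rule is what keeps the alert count down: only lines matching FOUND escalate, and the frequency rule turns a burst of detections into a higher-severity alert without changing the level of each individual hit.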