Hi dear community,
i install and configure about 10 agents, and of course i have a lot of
users, i need to monitoring when they are working or drink coffee
in ossec_rules.xml
i have next rules
<rule id="534" level="1">
<if_sid>530</if_sid>
<match>ossec: output: 'w'</match>
<check_diff />
<options>alert_by_email</options>
<description>List of logged in users. It will not be alerted by
default.</description>
</rule>
<rule id="535" level="1">
<if_sid>530</if_sid>
<match>ossec: output: 'last -n </match>
<check_diff />
<options>alert_by_email</options>
<description>List of the last logged in users.</description>
</rule>
i have linux and windows machines but mail is coming just from one
machine(linux) how about the rest
what i did wrong?
i appreciate your help, and a lot of respect for developers and community!
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
