[ossec-list] How to query a cdb file?

2017-01-27 Thread Victor Drobysh
Hello OSSEC group, I am looking for a way to query an OSSEC list cdb file to look up a particular IP. Is there a simpler, probably OSSEC-specific, way besides cdbdump or tinycdb? A tool, similar to ossec-logtest, to query cdb might help me to confirm that any CIDR is supported in a plain

[ossec-list] Re: Alerts generated despite level '0' rule being hit

2017-01-27 Thread Daniel B.
Yes, via ./ossec-control -r
On Thursday, January 26, 2017 at 4:41:20 PM UTC-5, Daniel B. wrote:
> full_log:
> Files hidden inside directory
> '/var

Re: [ossec-list] Alerts generated despite level '0' rule being hit

2017-01-27 Thread dan (ddp)
On Thu, Jan 26, 2017 at 4:41 PM, Daniel B. wrote:
> full_log:
> Files hidden inside directory
> '/var/lib/docker/aufs/mnt/545d04c068f0f7ce19361a94d1c43b0c6686a0dfdd45e1803ccee569acc1767b/usr/share/locale'.
> Link count does not match number of files (54,70).
>
> I have a rule setup to ig