I've worked out a different solution that uses PowerShell and WMI to detect
currently connected win32_diskdrives. The notification output it provides
is in the following format:
OSSEC HIDS Notification.
2012 Jul 18 14:39:04
Received From: (xxx) x.x.x.x>USBDevices
Rule: 503002 fired (level 7
ules
into local.
Any other suggestions?
On Apr 18, 4:52 am, "dan (ddp)" wrote:
> What happens if you stop modifying syslog_rules.xml and add your rules
> to local_rules.xml?
>
> On Mon, Apr 16, 2012 at 11:59 AM, sklauminzer wrote:
I have modified my syslog_rules.xml to exclude alerts for standard OSX
Server error messages and while they work in ossec-logtest they do not
alter the alerting policy on the server.
Rule from syslog_rules:
1002
servermgrd
no_email_alert
Server Manager errors ignore
E