On Wed, Mar 14, 2018 at 12:53 PM, Ian Brown wrote:
> Dan,
>
> Okay, so say I make two rules: 100014 that uses the first match, and 100015
> that uses the second. Is there a way to revert back to 18105 if 100014
> matches but 100015 doesn't?
>
Unfortunately, no.
You could
Dan,
Okay, so say I make two rules: 100014 that uses the first match, and
100015 that uses the second. Is there a way to revert back to 18105 if
100014 matches but 100015 doesn't?
On Tuesday, March 13, 2018 at 3:31:15 AM UTC-7, dan (ddpbsd) wrote:
>
>
> I think this combined the matches,
On Mon, Mar 12, 2018 at 4:46 PM, Ian Brown wrote:
> Is it possible to crank up the verbosity of ossec-logtest so that I can see
> if individual lines in a rule match? I'm stuck on something that's got me
> flustered.
>
> I've got what I think is a simple rule, but damn if I
Is it possible to crank up the verbosity of ossec-logtest so that I can see
if individual lines in a rule match? I'm stuck on something that's got me
flustered.
I've got what I think is a simple rule, but damn if I can get it to work:
This is the log entry:
2018 Mar 12 13:14:22 WinEvtLog: