Focus on IDS
Re: RE: Re: OSSEC and Windows messages May 17 2010 12:27PM
evilwon12 yahoo com
Actually got this working. I am still not 100% sure why it was not working earlier.

What I had to do was include the full path, out to the directory I want to exclude, in my match.

As I said, it was C:\Windows/system32/dir1/dir2/dir3/.../dirx/file.out

I was trying to match only on "dirM" and that was constantly failing. By putting the entire path into my match rule, it worked.

Some people mentioned that I could do this at the system level, but that is a huge pain when you have 40+ clients. I would rather do this once at the server level and be done with it.

Thanks everyone!

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus