IDS mailing list archives

Previous By Date Next
Previous By Thread Next

OSSEC and Windows messages

From: evilwon12 () yahoo com
Date: 20 Apr 2010 13:34:58 -0000
I am trying to match on a windows error message and am not having any luck.  What I do not want to do is ignore the 
rule completely, only certain messages.

An example message is this:

Integrity checksum changed for:
'C:\Win32/system32/directory1/directory2/directory3/...../name.txt'

I want to filter out based on "directory3" OR a sub-string on that. I have not been able to filter on anything in the 
message string.  My thoughts are that the forward and back slashes are causing the problem.

Has anyone else ran into this or know of a solution to this?  

Thanks!

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate 
on your web server, you can securely collect sensitive information online, and increase business by giving your 
customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
Previous By Date Next
Previous By Thread Next

Current thread: