IDS mailing list archives
OSSEC and Windows messages
From: evilwon12 () yahoo com
Date: 20 Apr 2010 13:34:58 -0000
I am trying to match on a windows error message and am not having any luck. What I do not want to do is ignore the rule completely, only certain messages. An example message is this: Integrity checksum changed for: 'C:\Win32/system32/directory1/directory2/directory3/...../name.txt' I want to filter out based on "directory3" OR a sub-string on that. I have not been able to filter on anything in the message string. My thoughts are that the forward and back slashes are causing the problem. Has anyone else ran into this or know of a solution to this? Thanks! ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
Current thread:
- OSSEC and Windows messages evilwon12 (Apr 20)