X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=etc%2Frules%2Fossec_rules.xml;h=7de90f58a88d0c83b96fde64a3f545fb1388aeca;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=2abebdb0d08fef606a33ca821c3d40c22748f285;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git

diff --git a/etc/rules/ossec_rules.xml b/etc/rules/ossec_rules.xml
old mode 100755
new mode 100644
index 2abebdb..7de90f5
--- a/etc/rules/ossec_rules.xml
+++ b/etc/rules/ossec_rules.xml
@@ -134,7 +134,7 @@
 
   <rule id="531" level="7" ignore="7200">
     <if_sid>530</if_sid>
-    <match>ossec: output: 'df -h': /dev/</match>
+    <match>ossec: output: 'df -P': /dev/</match>
     <regex>100%</regex>
     <description>Partition usage reached 100% (disk space monitor).</description> 
     <group>low_diskspace,</group>
@@ -197,7 +197,7 @@
     <group>syscheck,</group>
   </rule>
   
-  <rule id="554" level="0">
+  <rule id="554" level="5">
     <category>ossec</category>
     <decoded_as>syscheck_new_entry</decoded_as>
     <description>File added to the system.</description>
@@ -293,7 +293,7 @@ Example:
 Sat May  7 03:27:57 CDT 2011 /var/ossec/active-response/bin/firewall-drop.sh delete - 172.16.0.1 1304756247.60385 31151
 -->
 
-<rule id="600" level="0">
+  <rule id="600" level="0">
     <decoded_as>ar_log</decoded_as>
     <description>Active Response Messages Grouped</description>
     <group>active_response,</group>
@@ -347,4 +347,16 @@ Sat May  7 03:27:57 CDT 2011 /var/ossec/active-response/bin/firewall-drop.sh del
     <group>active_response,</group>
   </rule>
 
+  <rule id="700" level="0">
+    <category>ossec</category>
+    <decoded_as>ossec-logcollector</decoded_as>
+    <description>Logcollector Messages Grouped</description>
+  </rule>
+
+  <rule id="701" level="0">
+    <if_sid>700</if_sid>
+    <match>INFO: </match>
+    <description>Ignore informational messages (usually at startup)</description>
+  </rule>
+
 </group> <!-- OSSEC -->