+++ /dev/null
-<!-- @(#) $Id: ./etc/rules/local_rules.xml, 2011/09/08 dcid Exp $
-
- - Example of local rules for OSSEC.
- -
- - Copyright (C) 2009 Trend Micro Inc.
- - All rights reserved.
- -
- - This program is a free software; you can redistribute it
- - and/or modify it under the terms of the GNU General Public
- - License (version 2) as published by the FSF - Free Software
- - Foundation.
- -
- - License details: http://www.ossec.net/en/licensing.html
- -->
-
-
-<!-- Modify it at your will. -->
-
-<group name="local,syslog,">
-
- <!-- Note that rule id 5711 is defined at the ssh_rules file
- - as a ssh failed login. This is just an example
- - since ip 192.0.2.1 shouldn't be used anywhere.
- - Level 0 means ignore.
- -->
- <rule id="100001" level="0">
- <if_sid>5711</if_sid>
- <srcip>192.0.2.1</srcip>
- <description>Example of rule that will ignore sshd </description>
- <description>failed logins from IP 1.1.1.1.</description>
- </rule>
-
-
- <!-- This example will ignore ssh failed logins for the user name XYZABC.
- -->
- <!--
- <rule id="100020" level="0">
- <if_sid>5711</if_sid>
- <user>XYZABC</user>
- <description>Example of rule that will ignore sshd </description>
- <description>failed logins for user XYZABC.</description>
- </rule>
- -->
-
-
- <!-- Specify here a list of rules to ignore. -->
- <!--
- <rule id="100030" level="0">
- <if_sid>12345, 23456, xyz, abc</if_sid>
- <description>List of rules to be ignored.</description>
- </rule>
- -->
-
-</group> <!-- SYSLOG,LOCAL -->
-
-
-<!-- EOF -->