Rules frequency="N" means it takes N+2 events to trigger the alert

[jrossi]

In OSSEC rules, the attribute frequency="N" means the rule must be matched N+2 times.
This is confusing for rules writers. Please consider fixing it by making frequency="N" actually means the rule must be matched N times.

References

1. OSSEC documentation http://www.ossec.net/doc/syntax/head_rules.html
2. Dancil Cid comment: http://marc.info/?l=ossec-list&m=129737506019367&w=2

Note: This issue has been automatically migrated from Bitbucket Created by jbcheng on 2013-07-30 21:57:01+00:00