ossec / ossec-docs

OSSEC Documentation

Clarify rules execution order, and noalert attribute #287

Closed gaboroszkar closed 4 years ago

gaboroszkar commented 5 years ago

The Overview section of the Rules Syntax has been improved with a small description of the order in which the rules are tried and matched. The noalert attribute, with a description, has been added to the rules specification too. In the Testing OSSEC rules/decoders section, the -f argument has been changed to -v, because -f is not a valid argument for ossec-logtest.

gaboroszkar commented 5 years ago

Please verify whether this is true. I'm not a developer of the software and am not familiar with the code at all; I only used the debugging features of ossec-logtest to find out these features.