https://community.cisco.com/t5/network-security/csa-6-0-rule-creation/m-p/1158885#M77873 <HTML><HEAD></HEAD><BODY><P>I will configure that, and update the thread. Thanks.</P></BODY></HTML> Fri, 23 Jan 2009 22:56:42 GMT rz7dzmeds 2009-01-23T22:56:42Z https://community.cisco.com/t5/network-security/csa-6-0-rule-creation/m-p/1158883#M77869 <P>I would like to create a File Access Control rule to generate an alert when the /var/adm/csalog is attempted to be modified on *nix systems. An Agent Service Control rule already generates an alert when this file is modified, however we need to isolate this activity down to a File Access Control rule. I have attempted to define the rule from scratch, however it's not working. Any guidance on this would be appreciated.</P> Sun, 10 Mar 2019 11:28:30 GMT https://community.cisco.com/t5/network-security/csa-6-0-rule-creation/m-p/1158883#M77869 rz7dzmeds 2019-03-10T11:28:30Z https://community.cisco.com/t5/network-security/csa-6-0-rule-creation/m-p/1158884#M77871 <HTML><HEAD></HEAD><BODY><P>Create a new File Access control rule, make it as specific as possible on src application and filename/directory, and then make it a monitor rule, it will then log it no matter what other rules are in place.</P></BODY></HTML> Fri, 23 Jan 2009 22:47:56 GMT https://community.cisco.com/t5/network-security/csa-6-0-rule-creation/m-p/1158884#M77871 jan.nielsen 2009-01-23T22:47:56Z https://community.cisco.com/t5/network-security/csa-6-0-rule-creation/m-p/1158885#M77873 <HTML><HEAD></HEAD><BODY><P>I will configure that, and update the thread. Thanks.</P></BODY></HTML> Fri, 23 Jan 2009 22:56:42 GMT https://community.cisco.com/t5/network-security/csa-6-0-rule-creation/m-p/1158885#M77873 rz7dzmeds 2009-01-23T22:56:42Z