gistfile1.txt

Others and I have started Wiki clean up and organization at ossec.net/wiki you can see a fair amount of changes already.  Mostly around look and feel and being able to find things.  

Some simple ways to help right now.

* Watch for spam and/or defacement
* Categories


=== Watch for spam and or defacement. ===

As the wiki permissions have changed (editable with out auth from dcid) so spam is starting to show up.  The simplest way to stop this is the subscribe to the "recent changes" feeds here:

atom: http://www.ossec.net/wiki/index.php?title=Special:RecentChanges&feed=atom
rss: http://www.ossec.net/wiki/index.php?title=Special:RecentChanges&feed=rss

When new pages are created by spam bots delete them.  If needed make a log message on the deletion that the ip needs to be block.  One of the wiki admins will then be able to start the banning of bot address ranges. 


=== Categories ===

I have started to layout the wiki using categories to simplify finding related data.  A good example of this the "know how" sections of the wiki which you can see here: http://www.ossec.net/wiki/Category:Know_how . You also see the complete listing of categories at this page: http://www.ossec.net/wiki/Special:Categories

The use of categories is straight forward.  If a page involves an usage of the ossec.conf attach the markup [[Category:ossec.conf]] to the bottom of that page.  This greatly eases the finding of related content on the wiki.  

Some areas that need categories on right now are the logs sample pages. Here is an example of how to categoize the log sample section:

The Cisco log samples all have the following categoies:

[[Category:log::samples]]
[[Category:log::samples::cisco]]

The Linux sections have:

[[Category:log::samples]]
[[Category:log::samples::linux]]

with an optional app category like:

[[Category:log::samples::linux::ftp]]