Hello, Let's say I have a script which runs once every half an hour, with a latency difference of about 10-20 seconds. Would it be possible to match the following:
1. Time
2. Hostname
3. Username

The reason I prefer more than a single match, i.e. only time, is to not by mistake miss an actual event.

    <rule id="100203" level="0" timeframe="20">
      <if_sid>5501</if_sid>
      <time>**:30</time>
      <hostname>agent-hostname</hostname>
      <user>ssh-user</user>
      <options>no_email_alert</options>
      <description>Ignore rule 5501 for host </description>
    </rule>

Kind regards,
Fredrik