Hi Chris,
The location where the alert came from can be searched using the
hostname tag.
For example:
<rule id="110007" level="0">
  <if_sid>1003, 31101, 1002</if_sid>
  <hostname>error_log</hostname>
  <description>Web log ignore.</description>
</rule>
Basically, when you look at an alert it has:
Greetings Chris:
Are you asking to ignore logs for all clients or just some?
If all, then what, may I ask, are you using OSSEC to monitor?
Thank you.
Message -
From: ossec-list@googlegroups.com <ossec-list@googlegroups.com>
To: ossec-list <ossec-list@googlegroups.com>
Sent: Fri Sep 14 18:09:10 2007
Subject: [ossec-list] Re: Ignore clients logs from the server