Hello there,
could someone help me exclude this message from ossec:
OSSEC HIDS Notification.
2018 Mar 01 11:02:10
Received From: mail->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Mar 1 11:02:10 mail systemd-logind: Failed
Dmitriy, custom rules can only be numbered between 100,000 and 119,999.
Change the rule number you used (400,001) to one within the allowed range.
You can then use the ossec-logtest binary to test your config before
deploying it. Other than the rule number your syntax appears to be fine.
Unfortunately the rule still doesn't work.
Also changed to:
no_email_alert
syscheck
systemd-logind
Failed to remove runtime directory /run/user/0: Device or resource busy
ignore this message
and still getting the mails
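The two things the thread turns on are whether the override rule's id is inside OSSEC's custom range (100000-119999) and whether its program_name/match actually hit the systemd-logind line. The script below is an added example written for this thread; it is not code from OSSEC or from either poster. It embeds a constructed local_rules.xml with the rejected id (400001) next to a corrected rule (id 100001, an assumed value), reports ids outside the custom range, and runs a simplified version of OSSEC's program_name + substring `<match>` check over the log line from the alert, so you can see which rule would apply before touching the live config.

```python
"""Sanity-check an OSSEC local_rules.xml override before deploying it.

Added example for this thread (not OSSEC code, not the posters' code).
The rule ids, the XML below and the log line are constructed for illustration;
the match logic only approximates ossec-analysisd (program_name equality plus
substring <match>), it is not a replacement for ossec-logtest.
"""
import re
import xml.etree.ElementTree as ET

# OSSEC reserves this id range for user-defined (local) rules.
CUSTOM_ID_MIN, CUSTOM_ID_MAX = 100000, 119999

# Constructed local_rules.xml: the out-of-range rule beside a corrected one.
LOCAL_RULES = """<group name="local,syslog,">
  <rule id="400001" level="0">
    <if_sid>1002</if_sid>
    <program_name>systemd-logind</program_name>
    <match>Failed to remove runtime directory /run/user/0</match>
    <description>ignore this message (id outside the custom range)</description>
  </rule>
  <rule id="100001" level="0">
    <if_sid>1002</if_sid>
    <program_name>systemd-logind</program_name>
    <match>Failed to remove runtime directory /run/user/0: Device or resource busy</match>
    <options>no_email_alert</options>
    <description>ignore this message</description>
  </rule>
</group>
"""

# The syslog line from the alert in the thread, rejoined onto one line.
SAMPLE_LOG = ("Mar  1 11:02:10 mail systemd-logind: Failed to remove runtime "
              "directory /run/user/0: Device or resource busy")

# Minimal syslog header decoder: timestamp, host, program[pid]: message.
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) "
    r"(?P<prog>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$")


def parse_rules(xml_text):
    """Return a list of dicts, one per <rule>, with the fields we check."""
    root = ET.fromstring(xml_text)
    rules = []
    for r in root.iter("rule"):
        rules.append({
            "id": int(r.get("id")),
            "level": int(r.get("level", "0")),
            "if_sid": r.findtext("if_sid"),
            "program_name": r.findtext("program_name"),
            "match": r.findtext("match"),
            "options": [o.text for o in r.findall("options")],
        })
    return rules


def bad_rule_ids(rules):
    """Ids that OSSEC will not accept as custom rules."""
    return [r["id"] for r in rules
            if not CUSTOM_ID_MIN <= r["id"] <= CUSTOM_ID_MAX]


def decode_syslog(line):
    """Split a syslog line into host, program name and message (or None)."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def rule_matches(rule, line):
    """program_name must equal the decoded program; <match> is a substring test."""
    ev = decode_syslog(line)
    if ev is None:
        return False
    if rule["program_name"] and rule["program_name"] != ev["prog"]:
        return False
    if rule["match"] and rule["match"] not in ev["msg"]:
        return False
    return True


def matching_rule_ids(rules, line):
    """Ids of in-range rules whose conditions hit the line, in file order."""
    return [r["id"] for r in rules
            if CUSTOM_ID_MIN <= r["id"] <= CUSTOM_ID_MAX
            and rule_matches(r, line)]


if __name__ == "__main__":
    rules = parse_rules(LOCAL_RULES)
    print("out-of-range ids:", bad_rule_ids(rules))
    print("rules matching the sample line:", matching_rule_ids(rules, SAMPLE_LOG))
```

Run it against your real file with `parse_rules(open("/var/ossec/rules/local_rules.xml").read())`. Two caveats a practitioner will want: the authoritative check is still `/var/ossec/bin/ossec-logtest` (paste the full log line and confirm the child rule fires at level 0 instead of 1002), and ossec-analysisd only reads local_rules.xml at start-up, so edits have no effect until you restart with `/var/ossec/bin/ossec-control restart`. A level 0 rule drops the alert entirely; `<options>no_email_alert</options>` on its own only stops the mail while the alert is still logged.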
Thursday, March 1, 2018, 11:11:20 UTC+1
Bruce, thank you very much for the information. Will test with new rule
number.
On Thursday, March 1, 2018, 14:37:04 UTC+1, Bruce Westbrook wrote:
>
> Dmitriy, custom rules can only be numbered between 100,000 and 119,999.
> Change the rule number you used (400,001) to between the