[ossec-list] Alerts generated despite level '0' rule being hit

2017-01-26 Thread Daniel B.
full_log: Files hidden inside directory '/var/lib/docker/aufs/mnt/545d04c068f0f7ce19361a94d1c43b0c6686a0dfdd45e1803ccee569acc1767b/usr/share/locale'.

[ossec-list] Re: Alerts generated despite level '0' rule being hit

2017-01-27 Thread Daniel B.
Yes, via ./ossec-control -r

On Thursday, January 26, 2017 at 4:41:20 PM UTC-5, Daniel B. wrote:
> <https://lh3.googleusercontent.com/-PjI5QG1OEt4/WIpsiYbmInI/AP8/XaaQ35illHgeh_zq_oAtMKNU6giFsek7QCLcB/s1600/2017-01-26_1638.png>
>
> full_log:

[ossec-list] local_decoder.xml -- can't override (ignore) parent decoder

2017-01-17 Thread Daniel B.
We use weave, which periodically causes a network interface to enter promiscuous mode to sniff network traffic. This is expected behavior, and as such, I'm looking to ignore it. For reference, the iptables decoder is set at

[ossec-list] Re: local_decoder.xml -- can't override (ignore) parent decoder

2017-01-18 Thread Daniel B.
d filtering (rules).
>Rule id: '11'
>Level: '0'
>Description: 'Ignore rule 5104.'
>
> (I changed the name of the decoder from iptables to kernel).
>
> I hope it helps.
>
> On Tuesday, January 17, 2017 at 8:58:28 PM UTC+1, Daniel B. wr