Hello there,
could someone help me exclude this message from ossec:
OSSEC HIDS Notification.
2018 Mar 01 11:02:10
Received From: mail->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Mar 1 11:02:10 mail systemd-logind: Failed
user Dmitriy Shvedchenko wrote:
>
> Hello there,
>
> could someone help me exclude this message from ossec:
>
> OSSEC HIDS Notification.
> 2018 Mar 01 11:02:10
>
> Received From: mail->/var/log/messages
> Rule: 1002 fired (level 2) -> "Unknown pr
o between the allowed range.
>
> You can then use the *ossec-logtest* binary to test your config before
> deploying it. Other than the rule number your syntax appears to be fine.
>
> - Bruce
>
>
>
> On Thursday, March 1, 2018 at 5:11:20 AM UTC-5, Dmitriy Shvedchenko w