, 2016 6:17 AM
To: ossec-list <ossec-list@googlegroups.com>
Subject: Re: [ossec-list] Can't filter rule by IP
Hi, I agree with Dan. Anyway, why are you using "composite rules", I mean
with *timeframe*, *frequency*, etc. If you want to ignore some hosts you
should use *if_sid* instead of *if_matched_sid*.
Regards.
Jesus Linares.
On Thursday, February 18, 2016 at 11:49:12 PM UTC+1, dan (ddpbsd) wrote:
>
On Feb 18, 2016 5:44 PM, "Jane Doe" wrote:
>
Hey guys!
I'm trying to filter rule 18154 by not sending email alerts for certain
hosts. I've tried several ways to filter this in the local_rules.xml file.
*1)*
6
18103
*ip_address*//I've also replaced this with srcip
*ip_address*//I've also replaced this with