RE: [ossec-list] Can't filter rule by IP

2016-02-19 Thread lostinthetubez
, 2016 6:17 AM To: ossec-list <ossec-list@googlegroups.com> Subject: Re: [ossec-list] Can't filter rule by IP Hi, I agree with Dan. Anyway, why are you using "composite rules", I mean with timeframe, frequency, etc. If you want to ignore some hosts you should use if_sid instead o

Re: [ossec-list] Can't filter rule by IP

2016-02-19 Thread Jesus Linares
Hi, I agree with Dan. Anyway, why are you using "composite rules", I mean with *timeframe*, *frequency*, etc.? If you want to ignore some hosts you should use *if_sid* instead of *if_matched_sid*. Regards. Jesus Linares. On Thursday, February 18, 2016 at 11:49:12 PM UTC+1, dan (ddpbsd) wrote: >

Re: [ossec-list] Can't filter rule by IP

2016-02-18 Thread dan (ddp)
On Feb 18, 2016 5:44 PM, "Jane Doe" wrote: > > Hey guys! > > I'm trying to filter rule 18154 by not sending email alerts for certain hosts. I've tried several ways to filter this in the local_rules.xml file. > > 1) > > 6 > > > > 18103 > ip_address//I've also

[ossec-list] Can't filter rule by IP

2016-02-18 Thread Jane Doe
Hey guys! I'm trying to filter rule 18154 by not sending email alerts for certain hosts. I've tried several ways to filter this in the local_rules.xml file. *1)* 6 18103 *ip_address*//I've also replaced this with srcip *ip_address*//I've also replaced this with