I am trying to override part of rule 31106, but it's not working. Any help
or hints would be most welcome. I'm trying to avoid getting notified when
this condition occurs:
Received From: (croatia)
192.168.0.100-/hsphere/local/home/cpanel/apache/logs/access_log
Rule: 31106 fired (level 12) - A web
Hi Gil,
You need to use if_sid instead of if_matched_sid. The latter is only used for
composite rules (when matching across multiple events).
Hope that helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
On Sun, Feb 28, 2010 at 11:41 PM, Gil Vidals gvid...@gmail.com wrote:
I am trying to override
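
The if_sid versus if_matched_sid distinction from the reply above, as an added example that is not part of the original thread or of OSSEC itself: a small lint that flags rules using if_matched_sid without the frequency and timeframe attributes of a composite rule. The rule ids 100100 to 100102, the `<url>` pattern and the function name `lint_rules` are constructed for illustration; only 31106 comes from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample in local_rules.xml style; ids 100100-100102 and the <url>
# pattern are hypothetical, only the parent rule 31106 comes from the thread.
SAMPLE_RULES = """
<group name="local,web,">
  <!-- Single-event override written with if_matched_sid (composite-only option) -->
  <rule id="100100" level="0">
    <if_matched_sid>31106</if_matched_sid>
    <url>^/constructed/healthcheck</url>
    <description>Ignore known-benign request (as first attempted)</description>
  </rule>
  <!-- Same intent with if_sid: a child of 31106 evaluated on the same event -->
  <rule id="100101" level="0">
    <if_sid>31106</if_sid>
    <url>^/constructed/healthcheck</url>
    <description>Ignore known-benign request (as suggested)</description>
  </rule>
  <!-- Composite rule: frequency and timeframe correlate several events -->
  <rule id="100102" level="10" frequency="6" timeframe="120">
    <if_matched_sid>31106</if_matched_sid>
    <same_source_ip />
    <description>Repeated 31106 alerts from one source</description>
  </rule>
</group>
"""

def lint_rules(text):
    """Return (rule_id, message) for rules using if_matched_sid without being composite."""
    # Rule files may hold several top-level <group> elements, so wrap them in one root.
    root = ET.fromstring("<rules>" + text + "</rules>")
    findings = []
    for rule in root.iter("rule"):
        parent = rule.findtext("if_matched_sid")
        if parent is None:
            continue  # plain if_sid children and standalone rules are fine
        if "frequency" not in rule.attrib or "timeframe" not in rule.attrib:
            findings.append((rule.get("id"),
                             "if_matched_sid %s without frequency/timeframe; "
                             "use if_sid for a single-event child rule" % parent.strip()))
    return findings

if __name__ == "__main__":
    for rule_id, message in lint_rules(SAMPLE_RULES):
        print("rule %s: %s" % (rule_id, message))
```
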
Daniel,
Thank you so much for your answer. I will try your suggestion today.
By the way, I am relatively new to OSSEC and have been enjoying your
product. I am using it on about a dozen Linux servers and I plan on becoming
more proficient with it.
--Gil Vidals
On Mon, Mar 1, 2010 at 10:28 AM,