I have a script that does a ping to a group of my servers and if the device
is unreachable it writes to the log file.
I have a custom parser working and my custom rules are working.
The issue I have now is that I need a way to ignore repeat consecutive
Server unreachable for 3 attempts

Hello,
I have a simple rule tree:
<rule id="100101" level="2">
  <if_sid>1</if_sid>
  <match>[rsyslog-pri 0]|[rsyslog-pri 1]|[rsyslog-pri 2]|[rsyslog-pri 3]</match>
  <group>high_lvl_syslog,</group>
  <description>Unspecified err, crit, alert or emerg syslog event.</description>

Ahh, I see now. Must have missed that in documentation, or just forgot.
Thank you!
On Friday, April 27, 2012 5:49:08 PM UTC+3, Daniel Cid wrote:
Hey,
It doesn't get checked, because it will try the rule 100112 first
(which would have a high severity) and matches
the event.

Hi everyone,
I'm trying to install ossec on my Mac.
I get this error:
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\"
-DUSE_OPENSSL -DDarwin -DHIGHFIRST -DARGV0=\"sha1_op\" -DXML_VAR=\"var\"
-DOSSECHIDS -c sha1_op.c
In file included from sha1_op.c:27:
sha_locl.h: In function

Use the real gcc instead of Apple's llvm/clang/whatever it is these days.
On Fri, Apr 27, 2012 at 2:18 PM, Gappa gapp...@gmail.com wrote:
Hi everyone,
I'm trying to install ossec on my Mac.
I get this error:
gcc -g -Wall -I../../ -I../../headers -DDEFAULTDIR=\"/var/ossec\"
-DUSE_OPENSSL