[ossec-list] Re: OSSEC rule match time and timeframe

2017-07-11 Thread Fredrik Hilmersson
I did end up doing this, user and hostname. However, this isn't the 
'optimal' solution, as I do prefer to get alerts from the user + hostname at 
other times, ignoring it only every half an hour. I will look more into the 
time element later on, and see if there's a way to achieve what I was 
trying to do.

Thanks for the response and help though!

Kind regards

On Tuesday, 4 July 2017 at 20:00:53 UTC+2, Jesus Linares wrote:
>
> Hi Fredrik,
>
> Do you want to ignore the rule 5501 if it is fired by your script? Is it 
> not enough with the hostname and the user?
>
> Regards.
>
> On Monday, July 3, 2017 at 12:10:18 PM UTC+2, Fredrik Hilmersson wrote:
>>
>> Hello,
>>
>> Let's say I have a script which runs once every half an hour, with a 
>> latency difference of about 10-20 seconds.
>> Would it be possible to match the following:
>>
>> 1. Time
>> 2. Hostname
>> 3. Username
>>
>> The reason I prefer more than a single match, i.e. only time, is to not by 
>> mistake miss an actual event.
>>
>> <rule id="RULE_ID" level="LEVEL">
>>
>>   <if_sid>5501</if_sid>
>>   <time>**:30</time>
>>
>>   <hostname>agent-hostname</hostname>
>>   <user>ssh-user</user>
>>
>>   <options>no_email_alert</options>
>>
>>   <description>Ignore rule 5501 for host </description>
>>
>> </rule>
>>
>> Kind regards,
>> Fredrik
>>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
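As an added example (not OSSEC's own code, nor a rule posted on the list), here is the three-way match Fredrik describes, applied outside OSSEC as a post-filter over alert records: an alert for rule 5501 is dropped only when hostname, user and a 20-second window around a :00/:30 mark all agree, so the same user and host still alert at other times. The record field names and the sample alerts are assumptions.

```python
from datetime import datetime

# Added example, not OSSEC code: the rule/host/user/time match as a
# post-filter over alert records. Field names are assumptions chosen to
# mirror the hostname/user match in the posted rule.

HALF_HOUR = 30 * 60  # seconds between the script's scheduled runs


def near_half_hour(timestamp: str, tolerance_s: int = 20) -> bool:
    """True if the event is within tolerance_s of a :00 or :30 mark.

    Distance is measured to the nearest mark on either side, so an event
    logged a few seconds before the mark (clock skew) also matches.
    """
    ts = datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S")
    offset = (ts.minute % 30) * 60 + ts.second  # seconds past last mark
    return min(offset, HALF_HOUR - offset) <= tolerance_s


def should_suppress(alert: dict, host: str, user: str,
                    tolerance_s: int = 20) -> bool:
    """Suppress only when rule, host, user AND time all agree; any mismatch
    keeps the alert, so a real login by that user at 12:41 still fires."""
    return (alert["rule_id"] == 5501
            and alert["hostname"] == host
            and alert["user"] == user
            and near_half_hour(alert["timestamp"], tolerance_s))


def filter_alerts(alerts, host, user, tolerance_s=20):
    """Return the alerts that should still be reported."""
    return [a for a in alerts if not should_suppress(a, host, user, tolerance_s)]


# Constructed sample records (not real OSSEC output).
SAMPLE_ALERTS = [
    {"rule_id": 5501, "timestamp": "2017-07-03 12:30:14",
     "hostname": "agent-hostname", "user": "ssh-user"},   # scheduled run
    {"rule_id": 5501, "timestamp": "2017-07-03 12:30:12",
     "hostname": "agent-hostname", "user": "root"},       # wrong user
    {"rule_id": 5501, "timestamp": "2017-07-03 12:41:03",
     "hostname": "agent-hostname", "user": "ssh-user"},   # off schedule
    {"rule_id": 5501, "timestamp": "2017-07-03 12:59:50",
     "hostname": "agent-hostname", "user": "ssh-user"},   # 10 s early
]

if __name__ == "__main__":
    for a in filter_alerts(SAMPLE_ALERTS, "agent-hostname", "ssh-user"):
        print("ALERT", a["timestamp"], a["user"])
```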


[ossec-list] Re: OSSEC rule match time and timeframe

2017-07-04 Thread Jesus Linares
Hi Fredrik,

Do you want to ignore the rule 5501 if it is fired by your script? Is it 
not enough with the hostname and the user?

Regards.

On Monday, July 3, 2017 at 12:10:18 PM UTC+2, Fredrik Hilmersson wrote:
>
> Hello,
>
> Let's say I have a script which runs once every half an hour, with a 
> latency difference of about 10-20 seconds.
> Would it be possible to match the following:
>
> 1. Time
> 2. Hostname
> 3. Username
>
> The reason I prefer more than a single match, i.e. only time, is to not by 
> mistake miss an actual event.
>
> <rule id="RULE_ID" level="LEVEL">
>
>   <if_sid>5501</if_sid>
>   <time>**:30</time>
>
>   <hostname>agent-hostname</hostname>
>   <user>ssh-user</user>
>
>   <options>no_email_alert</options>
>
>   <description>Ignore rule 5501 for host </description>
>
> </rule>
>
> Kind regards,
> Fredrik
>
