I have put OSSEC into one of my production systems and everything is working fine but I would to keep it from triggering on one type of message.
in.named[259]: [ID 866145 daemon.error] client 24.159.158.118#62624: update 'anydomain.com/IN' denied I don't want to edit the syslog rules and take out error or denied out of the BAD WORDS variable. Any ideas?? Something I'm overlooking? thanks steve
