I know there is a way to ignore certain files. Is there a way to ignore certain errors? For example, I put ossec on our mail server, which is running dspam. In /var/log/syslog we get a lot of these types of errors

dspam[20881]: [ID 795625 mail.warning] process_message returned error -5. delivering message.

that ossec is picking up on and sending to me via e-mail. After a couple of hundred of those a day for a few days... the whole thing starts to become pointless. The whole message looks like this.

OSSEC HIDS Notification.
2006 Oct 09 07:09:27

Received From: unknown->/var/log/syslog
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):

dspam[20881]: [ID 795625 mail.warning] process_message returned error -5. delivering message.

--END OF NOTIFICATION

I suppose I could set it to either ignore syslog or to not fire off a message unless the alert level is 8, but those seem a bit drastic. Is there another way?

--
Brian Avis
SEARHC Medical Clinic
Juneau, AK 99801
(907) 463-4049
Have a nice diurnal anomaly!
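
Added example, not part of the original message and not taken from the OSSEC distribution: a local rule that is a child of rule 1002 and drops only this dspam line to level 0, so the rest of syslog keeps alerting at level 7. It assumes the rule goes in rules/local_rules.xml and that id 100001 is unused on this installation.

```xml
<!-- Added example for rules/local_rules.xml.
     Rule id 100001 is an assumed free id in the local range. -->
<group name="local,syslog,">

  <!-- Evaluated only for events that rule 1002 ("Unknown problem
       somewhere in the system.") has already matched. -->
  <rule id="100001" level="0">
    <if_sid>1002</if_sid>
    <!-- Text copied from the log line in the notification above. -->
    <match>process_message returned error -5</match>
    <description>dspam process_message error -5 (known noise, not alerted).</description>
  </rule>

</group>
```

OSSEC has to be restarted for the rule to load. Matching on the full message text rather than on "dspam" alone keeps other dspam warnings visible.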
