Daniel Cid <[EMAIL PROTECTED]> wrote:
Our wiki has some information about it:
http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules
Some examples here:
http://www.ossec.net/rules/?f=local_rules.xml
If that doesn't help, can you show us an example of the rules/events that you
want to filter? We would need to know the exact Windows event ID and rule
that is generating it.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 10/31/06, Black CryptoKnight <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I installed OSSEC-9.3 on a Windows 2000 Domain Controller, and I am getting
> several alerts related to "Windows Logon Success" for type 3 logins
> (network). How can I filter out these type 3 logins, but still be notified
> of logins at the console (type 2 - interactive)?
>
>
> Visit Jamaica's Tech Portal http://www.techjamaica.com
