On Wed, Feb 14, 2007 at 10:52:50PM -0400, Daniel Cid wrote:
>
> Hi Kayvan,
>
> The following link has some information about it:
>
> http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules
>
> For your situation, the following local rule would work:
>
> <rule id="xyz" level="0">
> <if_sid>1002</if_sid>
> <match>getpeername failed</match>
> <description>Ignoring getpeername failed</description>
> </rule>
Are the rules matched by id number? (i.e. Rule 1, then Rule 2, then
Rules 3, etc.)
What should the rule id be for the above?
---Kayvan
--
Kayvan A. Sylvan | Proud husband of | Father to my kids:
Sylvan Associates, Inc. | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen. | Robin Gregory (2/28/92)
