Clayton Dillard wrote:
> Folks,
> We've installed RHEL 5 which seems to have some bug in SNMP that
> causes the log file to be swamped with messages, which are then picked
> up by OSSEC and alerted on, which in turn fills up our IDS mailbox.
> Anyone know of a way to make OSSEC ignore these messages that are in the
> /var/log/messages file?
>
> Thanks,
> --
> Clayton Dillard <[EMAIL PROTECTED]>
> RPS Technology, LLC
>

Add a rule to ignore in the local_rules.xml file:

http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules

Isaac
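
A sketch of the kind of ignore rule the reply points to, added here as an example and not taken from the thread or the linked wiki page. The rule id 100001, the program name `snmpd`, and both `REPLACE_WITH_...` placeholders are assumptions, since the thread shows neither the alerting rule id nor the log text.

```xml
<!-- local_rules.xml: added example, not from the original thread -->
<group name="local,syslog,">

  <!-- id 100001 is an arbitrary choice from the range reserved for
       user-defined rules (100000 and above). -->
  <rule id="100001" level="0">

    <!-- Placeholder: the id of the stock rule that currently fires,
         as printed in the alert e-mail ("Rule: NNNN fired"). Chaining
         with if_sid means only events that already matched that rule
         are considered here. -->
    <if_sid>REPLACE_WITH_ALERTING_RULE_ID</if_sid>

    <!-- Assumption: the noisy lines are logged by the snmpd daemon.
         Restricting on program_name keeps the ignore from hiding
         alerts raised by any other process. -->
    <program_name>snmpd</program_name>

    <!-- Placeholder: a fixed substring of the repeated message from
         /var/log/messages. Keep it as specific as possible so that
         other snmpd errors still alert. -->
    <match>REPLACE_WITH_SNMPD_MESSAGE_TEXT</match>

    <description>Ignore known-noisy snmpd message (local).</description>
  </rule>

</group>
```

Level 0 tells OSSEC to match the event and generate no alert. Running `ossec-logtest` with one of the noisy lines pasted in shows whether the new rule is the one that matches before the service is restarted.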
