Greetings Clayton:
While I'm still learning the best way to use local-rules.xml to
override preset rules, the rule being triggered is in
/var/ossec/rules/web_rules.xml
<rule id="31115" level="3" maxsize="2900">
  <if_sid>31100</if_sid>
  <description>URL too long. Higher than allowed on most </description>
  <description>browsers. Possible attack.</description>
  <group>invalid_access,</group>
</rule>
The maxsize is the length which you would adjust to be what is needed
for your common applications with long, but valid, URLs.
Thank you.
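
An added example, not part of the original message: one way to make this change without editing web_rules.xml is to repeat the rule in the local rules file with OSSEC's overwrite="yes" attribute. The path /var/ossec/rules/local_rules.xml, the group name and the maxsize value 4096 are assumptions; the rest of the rule is copied as quoted above.

```xml
<!-- /var/ossec/rules/local_rules.xml (assumed stock location) -->
<group name="local,web,">
  <!-- overwrite="yes" replaces the stock rule with the same id instead of
       defining a second rule. Every attribute and child element has to be
       repeated; take level and the other values from your installed
       web_rules.xml. -->
  <!-- maxsize="4096" is a constructed value: set it just above the longest
       legitimate URL your applications produce, so oversized requests
       still raise the alert. -->
  <rule id="31115" level="3" maxsize="4096" overwrite="yes">
    <if_sid>31100</if_sid>
    <description>URL too long. Higher than allowed on most </description>
    <description>browsers. Possible attack.</description>
    <group>invalid_access,</group>
  </rule>
</group>
```

Restart OSSEC (for example with /var/ossec/bin/ossec-control restart) so the rule set is reloaded.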