Hello,
I'm trying to disable email notification for a rule with a defined active
response, but without success. I was trying something like below -
notification was disabled, but active response stopped working. Can you
help me please?
ossec.conf:
...
<active-response>
<command>firewall-drop</command>
<location>local</location>
<rules_id>5712</rules_id>
<timeout>240</timeout>
</active-response>
local_rules.xml:
...
<rule id="100160" level="1">
<if_sid>5712</if_sid>
<description>SSHD brute force trying to get access to the system</description>
</rule>
Peter Paldan
PS: Running Ossec v1.5 and it's a great HIDS. Many thanks to Ossec team!