did you add the noalert property to the rule? e.g. <rule id="10001" noalert="1"><match></match></rule>
On Mon, May 19, 2008 at 11:13 AM, Clayton Dillard < [EMAIL PROTECTED]> wrote: > I have an Amanda backup server onto which I've installed the OSSEC agent. > I get regular alerts for files in /etc/amanda that have been deleted because > of backup rotations and purging. I've tried creating a rule on the OSSEC > server with a <match>/etc/amanda/</match> statement but still get the > alerts. > > Can someone point where I'm wrong on this? > > Thanks, > CTD > >
