It depends on which rule is firing the alert. I think something
like this added to local_rules.xml on your server:
<rule id="100100" level="1">
  <if_sid>1002</if_sid>
  <program_name>named</program_name>
  <match>query (cache)</match>
  <description>DNS cache query ignored.</description>
</rule>
You may need to tune the if_sid, if it's not rule 1002 firing. And
you could change the match to be Google-specific rather than not
alerting for all cache queries.
-David
Adriel Desautels wrote:
| How do I ignore this particular type of event in OSSEC?
|
| Jun 12 17:04:45 zerosum named[26698]: client 128.194.135.85#4495: query (cache) 'www.google.com/A/IN' denied
|
| Regards,
| Adriel T. Desautels
| Chief Technology Officer
| Netragard, LLC.
--
_______________________________________________
GPG (http://www.gnupg.org/) key available from:
http://www.kayakero.net/per/david/
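The trade-off raised in the reply above (silencing every cache query versus only the Google one), as an added example that is not part of the original thread or OSSEC's own code: it runs both match strings over sample named lines and lists which clients and queries each would hide. It assumes a simplified model of the rule (program name plus literal substring, ignoring the if_sid parent); the NARROW string and all log lines but the first are constructed.

```python
import re
from collections import Counter

# Constructed sample log: line 1 is the event quoted in the thread, the rest
# are made-up lines using documentation addresses.
SAMPLE_LOG = """\
Jun 12 17:04:45 zerosum named[26698]: client 128.194.135.85#4495: query (cache) 'www.google.com/A/IN' denied
Jun 12 17:04:51 zerosum named[26698]: client 192.0.2.10#5353: query (cache) 'www.google.com/A/IN' denied
Jun 12 17:05:02 zerosum named[26698]: client 198.51.100.7#1024: query (cache) './NS/IN' denied
Jun 12 17:05:02 zerosum named[26698]: client 198.51.100.7#1025: query (cache) './NS/IN' denied
Jun 12 17:05:03 zerosum named[26698]: client 198.51.100.7#1026: query (cache) 'example.org/ANY/IN' denied
Jun 12 17:05:09 zerosum sshd[811]: Failed password for root from 192.0.2.10 port 4000 ssh2
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([^\[:\s]+)(?:\[\d+\])?: (.*)$")
DENIED = re.compile(r"^client ([\d.]+)#\d+: query \(cache\) '([^']+)' denied$")

BROAD = "query (cache)"                                # <match> from the reply
NARROW = "query (cache) 'www.google.com/A/IN' denied"  # hypothetical narrower <match>

def parse(line):
    """Split a syslog line into program name and message, or return None."""
    m = SYSLOG.match(line)
    return {"program": m.group(1), "msg": m.group(2)} if m else None

def suppressed(event, match_text):
    """Simplified model of the child rule: program_name plus literal substring."""
    return event["program"] == "named" and match_text in event["msg"]

def hidden_by(match_text, log=SAMPLE_LOG):
    """Count (client, query) pairs on the lines the rule would silence."""
    hits = Counter()
    for line in log.splitlines():
        event = parse(line)
        if event and suppressed(event, match_text):
            d = DENIED.match(event["msg"])
            hits[d.groups() if d else ("?", event["msg"])] += 1
    return hits

if __name__ == "__main__":
    for label, text in (("broad", BROAD), ("narrow", NARROW)):
        hits = hidden_by(text)
        print(f"{label}: {sum(hits.values())} lines silenced")
        for (client, query), n in sorted(hits.items()):
            print(f"  {n}x {client} {query}")
```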