anyone? tia m
On Mar 25, 10:37 pm, matthias platzer <[email protected]> wrote: > Hi, > > In the meantime I have a lot of "ignore-rules" to ignore all the > "noise" (think windows servers) with level="0" and <options>no_log</ > options>. OSSEC itself has a lot of similar rules for grouping rules > i.e. rule 31100 for all apache access_log lines. > The Problem is, all those level 0 alerts show up on the wui stats page > and trash the stats, because in the "Aggregate values by severity" > table 90% of alerts are level 0 alerts. Statistically a rise in some > alerts more severe would not be that relevant. They show up in /var/ > ossec/stats too, but I guess that is were wui gets its stats. > So is there an option to completely ignore those alerts, specifically > stats-wise ? > > thanks! > matthias
