Hi All,
Question about using the "!" in the local_rules.xml for the <hostname>
tag, like the following...
<!-- Testing excluding specific files from specific servers -->
<rule id="100500" level="0">
<if_sid>550, 551, 552</if_sid>
<match>mdas</match>
<match>sgsdas</match>
<hostname>!sles10-docs</hostname> ---- thinking is that if any
other server triggered with this rule the normal alert would take place,
only on this server would the rule fire and the change be ignored
<description>Ignoring changes</description>
</rule>
We are using Ossec v2.0.
Thank you,
Patrick Swartz
UNIX Planning & Engineering (DSUSSE)
First Data
402-777-7337 desk
402-871-8981 cell
<HTML><BODY><P><hr size=1></P>
<P><STRONG>
The information in this message may be proprietary and/or confidential, and
protected from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify First Data immediately
by replying to this message and deleting it from your computer.
</STRONG></P></BODY></HTML>
