Hi All,
I am trying to keep some specific messages from being shown in the OSSEC web
real-time monitoring, and I have configured local_rules.xml as
follows, but I can still see the messages.
Requirement: hide any messages containing cqmghost.exe, at the levels
mentioned below, so that they are not logged in real-time monitoring.
<rule id="100033" level="4">
  <if_sid>18105</if_sid>
  <match>cqmghost.exe</match>
  <description>Events to be ignored</description>
</rule>
<rule id="100034" level="10" frequency="$MS_FREQ" timeframe="240">
  <if_sid>18153</if_sid>
  <match>cqmghost.exe</match>
  <description>Events to be ignored</description>
</rule>
I would appreciate it if somebody could help me write the correct rule.
Best regards,
Muraleedaran Kanapathy| Linux/Unix System Engineer - ISS Department
Voice +966(1) 2888136 | Fax +966(1) 288-8899 ext 1422
Integrated Networks | Faisaliah Tower | Level 7A |
PO Box 53553, Riyadh 11593, KSA | GMT +3 |
Email [email protected]
