Thanks Dan!
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of dan (ddp)
Sent: Thursday, July 22, 2010 8:27 AM
To: [email protected]
Subject: Re: [ossec-list] Snort and ossec
You can create an ignore rule for snort events. Something like the
following (untested):
<rule id="xxx" level="0">
<decoded_as>snort</decoded_as>
<description>Ignore snort.</description>
</rule>
On Wed, Jul 21, 2010 at 1:10 PM, Cabeza de Baca, Matthew
<[email protected]> wrote:
> I put ossec on a couple snort boxes that are logging to messages.
>
>
>
> I am wondering if I can tell ossec to ignore snort IDS system events. I
> have another method at looking at snort events and would like to use snort
> for an HIDS on my snort boxes.
>
>
>
> If this is possible, can someone point to me how to accomplish this.
>
>
>
> Thanks,
>
>
>
> Matt
>
>
>
>
>
> ________________________________
> This e-mail message, including any attachments, is for the
> sole use of the intended recipient(s) and may contain
> confidential or privileged information. Any unauthorized
> review, use, disclosure or distribution is prohibited. If
> you are not the intended recipient, please contact the
> sender by reply e-mail and destroy the message.
>
> ________________________________
> Think Green! Please do not print this e-mail unless you need to. Thank you.
>
This e-mail message, including any attachments, is for the
sole use of the intended recipient(s) and may contain
confidential or privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If
you are not the intended recipient, please contact the
sender by reply e-mail and destroy the message.
