Add the following rule to your local_rules.xml:

<rule id="700678" level="7">
  <options>no_email_alert</options>
  <match>error on subcontainer 'ia_addr' insert (-1)</match>
  <description>IGNORED RULE</description>
</rule>

The above rule takes that alert as a level 7 (which by default won't be ignored, but note the options command, due to which it won't be alerted on). If you ever want to see whether you properly fixed the issue, remove the options command and keep the rest. That way it won't be ignored. Another alternative is to call it a level 1 or 2 and completely ignore it (no logs), or use the no_log command under options.

On Tue, 2011-03-15 at 10:29 -0400, satish patel wrote:
> I am getting the following alert constantly. How do I ignore it until I fix
> the issue?
>
>
> OSSEC HIDS Notification.
> 2011 Mar 15 07:18:52
>
> Received From: (sebfwint1) 172.24.0.63->/var/log/syslog
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
>
> Mar 15 07:15:31 sebfwint1 snmpd[1401]: error on subcontainer 'ia_addr'
> insert (-1)
>
