One question: I used "no_log". Does that mean it will stop both the alert and the log?

On Tue, Mar 15, 2011 at 11:23 AM, satish patel <[email protected]> wrote:
> Perfect!!! Thanks a lot..
>
> On Tue, Mar 15, 2011 at 10:46 AM, Gurtaj Singh
> <[email protected]> wrote:
>> Add the following rule to your local_rules.xml:
>>
>> <rule id="700678" level="7">
>>   <options>no_email_alert</options>
>>   <match>error on subcontainer 'ia_addr' insert (-1)</match>
>>   <description>IGNORED RULE</description>
>> </rule>
>>
>> The above rule takes that alert as a level 7 (which by default won't be
>> ignored, but note the options command, due to which it won't be alerted on).
>> If ever you want to see if you properly fixed the issue, remove the options
>> command and keep the rest. That way it won't be ignored.
>>
>> Another alternative is to call it a level 1 or 2 and completely ignore it (no
>> logs), or use the no_log command under options.
>>
>> On Tue, 2011-03-15 at 10:29 -0400, satish patel wrote:
>>
>> I am getting the following alert constantly. How do I ignore it until I fix
>> the issue?
>>
>> OSSEC HIDS Notification.
>> 2011 Mar 15 07:18:52
>>
>> Received From: (sebfwint1) 172.24.0.63->/var/log/syslog
>> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
>> Portion of the log(s):
>>
>> Mar 15 07:15:31 sebfwint1 snmpd[1401]: error on subcontainer 'ia_addr' insert (-1)
