Hi, Set the level to 0 (zero) in local_rules.xml
Regards Tanishk Lakhaani Sent from BlackBerry® on Airtel -----Original Message----- From: satish patel <[email protected]> Sender: [email protected] Date: Tue, 15 Mar 2011 10:29:44 To: <[email protected]> Reply-To: [email protected] Subject: [ossec-list] How to ignore specific rules I am getting following alert constantly how to ignore it until i fix the issue ? OSSEC HIDS Notification. 2011 Mar 15 07:18:52 Received From: (sebfwint1) 172.24.0.63->/var/log/syslog Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): Mar 15 07:15:31 sebfwint1 snmpd[1401]: error on subcontainer 'ia_addr' insert (-1)
