I did following but still not working :(
<rule id="100003" level="0">
<if_sid>1002</if_sid>
<options>no_email_alert</options>
<match>snmpd</match>
<description>IGNORED RULE</description>
</rule>
On Tue, Mar 15, 2011 at 2:39 PM, Tanishk Lakhaani <[email protected]> wrote:
> Hi,
> Set the level to 0 (zero) in local_rules.xml
>
>
> Regards
> Tanishk Lakhaani
> Sent from BlackBerry® on Airtel
>
> -----Original Message-----
> From: satish patel <[email protected]>
> Sender: [email protected]
> Date: Tue, 15 Mar 2011 10:29:44
> To: <[email protected]>
> Reply-To: [email protected]
> Subject: [ossec-list] How to ignore specific rules
>
> I am getting following alert constantly how to ignore it until i fix the
> issue ?
>
>
> OSSEC HIDS Notification.
> 2011 Mar 15 07:18:52
>
> Received From: (sebfwint1) 172.24.0.63->/var/log/syslog
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
>
> Mar 15 07:15:31 sebfwint1 snmpd[1401]: error on subcontainer 'ia_addr'
> insert (-1)
>
