OMG DUDE.......listen to me and dan....U CANT use <match> for snmpd....JUST COPY MY RULE gAHHHHHHHHHHHH dan plz reply to him again ...since you are the one with patience... <match> works for ONLY THE LOG PART OF THE MESSAGE!! use <program_name>snmpd</program_name>
......

On Tue, 2011-03-15 at 14:55 -0400, satish patel wrote:
> I did following but still not working :(
>
> <rule id="100003" level="0">
>   <if_sid>1002</if_sid>
>   <options>no_email_alert</options>
>   <match>snmpd</match>
>   <description>IGNORED RULE</description>
> </rule>
>
> On Tue, Mar 15, 2011 at 2:39 PM, Tanishk Lakhaani <[email protected]>
> wrote:
> > Hi,
> > Set the level to 0 (zero) in local_rules.xml
> >
> > Regards
> > Tanishk Lakhaani
> > Sent from BlackBerry® on Airtel
> >
> > -----Original Message-----
> > From: satish patel <[email protected]>
> > Sender: [email protected]
> > Date: Tue, 15 Mar 2011 10:29:44
> > To: <[email protected]>
> > Reply-To: [email protected]
> > Subject: [ossec-list] How to ignore specific rules
> >
> > I am getting following alert constantly how to ignore it until i fix the
> > issue ?
> >
> > OSSEC HIDS Notification.
> > 2011 Mar 15 07:18:52
> >
> > Received From: (sebfwint1) 172.24.0.63->/var/log/syslog
> > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> > Portion of the log(s):
> >
> > Mar 15 07:15:31 sebfwint1 snmpd[1401]: error on subcontainer 'ia_addr'
> > insert (-1)
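
Added example, not part of the original thread and not OSSEC's own code: a simplified Python model of the point made in the reply, that the syslog header (including the program name) is split off before `<match>` is tested against the remaining log text. The regex, the `predecode` and `rule_fires` helpers, and the plain substring comparisons are assumptions made for illustration; the log line is the one from the alert quoted above.

```python
import re

# Simplified syslog pre-decoder (assumed layout: "Mon DD HH:MM:SS host prog[pid]: log").
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<program_name>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<log>.*)$"
)

# Log line taken from the alert in the thread (wrapped line rejoined).
SAMPLE = ("Mar 15 07:15:31 sebfwint1 snmpd[1401]: "
          "error on subcontainer 'ia_addr' insert (-1)")

# The two rule conditions under discussion, reduced to dicts (hypothetical form).
RULE_WITH_MATCH = {"id": 100003, "match": "snmpd"}
RULE_WITH_PROGRAM_NAME = {"id": 100003, "program_name": "snmpd"}


def predecode(line):
    """Split a syslog line into hostname, program_name and the log part."""
    m = SYSLOG_RE.match(line)
    if m is None:
        # No recognisable header: the whole line is treated as the log part.
        return {"hostname": None, "program_name": None, "log": line}
    return {k: m.group(k) for k in ("hostname", "program_name", "log")}


def rule_fires(rule, event):
    """Return True when every condition present in the rule is satisfied."""
    if "match" in rule and rule["match"] not in event["log"]:
        return False  # <match> only sees the text after "prog[pid]: "
    if "program_name" in rule:
        if rule["program_name"] not in (event["program_name"] or ""):
            return False
    return True


if __name__ == "__main__":
    event = predecode(SAMPLE)
    print("program_name:", event["program_name"])
    print("log part    :", event["log"])
    print("match rule fires       :", rule_fires(RULE_WITH_MATCH, event))
    print("program_name rule fires:", rule_fires(RULE_WITH_PROGRAM_NAME, event))
```

The `<match>snmpd</match>` variant never fires because "snmpd" is no longer in the text being searched, so the level-0 override is never applied and rule 1002 keeps alerting.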
