Added. Hope it will stop alerting..

<match>error on subcontainer 'ia_addr' insert (-1)</match>

On Tue, Mar 15, 2011 at 3:08 PM, Gurtaj Singh <[email protected]> wrote:
> OMG DUDE.......listen to me and dan....U CANT use <match> for
> snmpd....JUST COPY MY RULE gAHHHHHHHHHHHH
> dan plz reply to him again ...since you are the one with patience...
> <match> works for ONLY THE LOG PART OF THE MESSAGE!!
> use <program_name>snmpd</program_name>
>
> ......
>
> On Tue, 2011-03-15 at 14:55 -0400, satish patel wrote:
>> I did the following but still not working :(
>>
>> <rule id="100003" level="0">
>>   <if_sid>1002</if_sid>
>>   <options>no_email_alert</options>
>>   <match>snmpd</match>
>>   <description>IGNORED RULE</description>
>> </rule>
>>
>> On Tue, Mar 15, 2011 at 2:39 PM, Tanishk Lakhaani <[email protected]>
>> wrote:
>> > Hi,
>> > Set the level to 0 (zero) in local_rules.xml
>> >
>> > Regards
>> > Tanishk Lakhaani
>> > Sent from BlackBerry® on Airtel
>> >
>> > -----Original Message-----
>> > From: satish patel <[email protected]>
>> > Sender: [email protected]
>> > Date: Tue, 15 Mar 2011 10:29:44
>> > To: <[email protected]>
>> > Reply-To: [email protected]
>> > Subject: [ossec-list] How to ignore specific rules
>> >
>> > I am getting the following alert constantly; how to ignore it until I fix the
>> > issue?
>> >
>> > OSSEC HIDS Notification.
>> > 2011 Mar 15 07:18:52
>> >
>> > Received From: (sebfwint1) 172.24.0.63->/var/log/syslog
>> > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
>> > Portion of the log(s):
>> >
>> > Mar 15 07:15:31 sebfwint1 snmpd[1401]: error on subcontainer 'ia_addr'
>> > insert (-1)
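
The point made in the thread, that `<match>` is tested against the log part of the message and not the program name in the syslog header, shown as an added example that is not part of the original messages and is not OSSEC's own code. It is a simplified Python model: the function names, the dictionary form of the rules, exact string comparison in place of OSSEC's pattern matching, and the second sample line are assumptions made for illustration.

```python
import re

# Simplified model of syslog pre-decoding: header fields are split off first,
# and only the remainder is kept as the log part of the event.
SYSLOG = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<hostname>\S+) "
    r"(?P<program_name>[^\s\[:]+)(?:\[\d+\])?: (?P<log>.*)$"
)

def predecode(line):
    """Return hostname, program_name and log part for one syslog line."""
    m = SYSLOG.match(line)
    if m is None:  # no recognisable header: the whole line is the log part
        return {"hostname": None, "program_name": None, "log": line}
    return m.groupdict()

def rule_matches(rule, event):
    """True when every condition in the rule holds for the event."""
    prog = rule.get("program_name")
    if prog is not None and prog != event["program_name"]:
        return False
    text = rule.get("match")  # compared with the log part only
    if text is not None and text not in event["log"]:
        return False
    return True

# The line from the alert in the thread, plus one constructed snmpd line.
ALERT_LINE = ("Mar 15 07:15:31 sebfwint1 snmpd[1401]: "
              "error on subcontainer 'ia_addr' insert (-1)")
OTHER_LINE = "Mar 15 07:16:02 sebfwint1 snmpd[1401]: error: constructed sample"

AS_POSTED = {"match": "snmpd"}            # conditions of rule 100003 as posted
BY_PROGRAM = {"program_name": "snmpd"}    # the advice given in the reply
NARROW = {"program_name": "snmpd",        # program name and message text together
          "match": "error on subcontainer 'ia_addr' insert"}

def evaluate():
    """Which candidate rules match each sample line."""
    rules = {"as_posted": AS_POSTED, "by_program": BY_PROGRAM, "narrow": NARROW}
    lines = {"alert": ALERT_LINE, "other": OTHER_LINE}
    return {(r, l): rule_matches(rule, predecode(line))
            for r, rule in rules.items() for l, line in lines.items()}

if __name__ == "__main__":
    for key, hit in sorted(evaluate().items()):
        print(key, "matches" if hit else "no match")
```

In this model the program-name-only rule also matches the second snmpd line, so a level 0 rule written that way would silence every snmpd event that reaches it, while the combined form leaves other snmpd errors alerting.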
