finally lol.....nice to help
On Tue, 2011-03-15 at 17:36 -0400, Satish Patel wrote:
> You are right!! It works
>
> --
> Sent from my iPhone
>
> On Mar 15, 2011, at 3:08 PM, Gurtaj Singh <[email protected]>
> wrote:
>
> > OMG DUDE.......listen to me and dan....U CANT use <match> for
> > snmpd....JUST COPY MY RULE gAHHHHHHHHHHHH
> > dan plz reply to him again ...since you are the one with patience...
> > <match> works for ONLY THE LOG PART OF THE MESSAGE!!
> > use <program_name>snmpd</program_name>
> >
> > ......
> >
> >
> >
> > On Tue, 2011-03-15 at 14:55 -0400, satish patel wrote:
> >> I did following but still not working :(
> >>
> >>
> >> <rule id="100003" level="0">
> >> <if_sid>1002</if_sid>
> >> <options>no_email_alert</options>
> >> <match>snmpd</match>
> >> <description>IGNORED RULE</description>
> >> </rule>
> >>
> >>
> >>
> >>
> >> On Tue, Mar 15, 2011 at 2:39 PM, Tanishk Lakhaani <[email protected]
> >> > wrote:
> >>> Hi,
> >>> Set the level to 0 (zero) in local_rules.xml
> >>>
> >>>
> >>> Regards
> >>> Tanishk Lakhaani
> >>> Sent from BlackBerry® on Airtel
> >>>
> >>> -----Original Message-----
> >>> From: satish patel <[email protected]>
> >>> Sender: [email protected]
> >>> Date: Tue, 15 Mar 2011 10:29:44
> >>> To: <[email protected]>
> >>> Reply-To: [email protected]
> >>> Subject: [ossec-list] How to ignore specific rules
> >>>
> >>> I am getting following alert constantly how to ignore it until i
> >>> fix the issue ?
> >>>
> >>>
> >>> OSSEC HIDS Notification.
> >>> 2011 Mar 15 07:18:52
> >>>
> >>> Received From: (sebfwint1) 172.24.0.63->/var/log/syslog
> >>> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
> >>> system."
> >>> Portion of the log(s):
> >>>
> >>> Mar 15 07:15:31 sebfwint1 snmpd[1401]: error on subcontainer
> >>> 'ia_addr'
> >>> insert (-1)
> >>>
> >>
> >
> >
>
