Oh, add that to /var/ossec/rules/local_rules.xml and restart ossec.
On Apr 25, 2011 11:32 AM, "dan (ddp)" <[email protected]> wrote:
> On Apr 25, 2011 11:29 AM, "satish patel" <[email protected]> wrote:
>>
>> Hey Guys!
>>
>> Is there any quick way to remove unwanted rules from ossec? I don't even
>> want to alert on them or log them to a file. (In short, totally ignore.) I
>> want to remove unwanted rules like the following, etc...
>>
>> 591 - Log file rotated.
>
> <rule id="100000" level="0">
> <if_sid>591</if_sid>
> </rule>
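
For context, an added example (not part of the original thread) of how the rule above sits in /var/ossec/rules/local_rules.xml: rules in that file live inside a `<group>` element. The group name and the description text are assumptions added for illustration.

```xml
<!-- /var/ossec/rules/local_rules.xml -->
<group name="local,">

  <!-- Child of stock rule 591 ("Log file rotated.").
       Level 0 tells OSSEC to ignore any event that reaches this rule. -->
  <rule id="100000" level="0">
    <if_sid>591</if_sid>
    <description>Ignore log file rotation events (rule 591).</description>
  </rule>

</group>
```

On a default install the restart is `/var/ossec/bin/ossec-control restart`. The rule silences every event that matches 591, so log rotations no longer alert on any monitored file.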