Dan, you rock! Last week we put OSSEC in full production to meet the PCI requirement and it's rocking. (We saved 10 grand by cancelling the TripWire quote.)
Thanks to all of you who participated in my queries.

-S

On Mon, Apr 25, 2011 at 11:34 AM, dan (ddp) <[email protected]> wrote:
> Oh, add that to /var/ossec/rules/local_rules.xml and restart ossec.
>
> On Apr 25, 2011 11:32 AM, "dan (ddp)" <[email protected]> wrote:
>> On Apr 25, 2011 11:29 AM, "satish patel" <[email protected]> wrote:
>>>
>>> Hey Guys!
>>>
>>> Is there any quick way to remove unwanted rules from OSSEC? I don't
>>> even want to alert on them or log them to a file. (In short, totally
>>> ignore them.) I want to remove unwanted rules like the following, etc...
>>>
>>> 591 - Log file rotated.
>>
>> <rule id="100000" level="0">
>>   <if_sid>591</if_sid>
>> </rule>
>
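A review aid for the suppression approach in this thread, added here as an example and not part of the original messages: it parses the text of a `local_rules.xml` and reports which rule ids are silenced by level-0 `<if_sid>` overrides, and which level-0 rules have no `<if_sid>` tying them to a specific rule. The function name and the sample rules are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of local_rules.xml content (not taken from the thread,
# apart from the 100000 -> 591 override it discusses).
SAMPLE_LOCAL_RULES = """
<group name="local,">
  <rule id="100000" level="0">
    <if_sid>591</if_sid>
    <description>Ignore log file rotation events.</description>
  </rule>
  <rule id="100001" level="0">
    <description>Level 0 with no parent rule named.</description>
  </rule>
</group>
<group name="local,syslog,">
  <rule id="100002" level="7">
    <match>constructed-test-string</match>
    <description>Custom alert, not a suppression.</description>
  </rule>
</group>
"""

def audit_suppressions(rules_xml):
    """Return (silenced, unscoped).

    silenced: parent rule id -> ids of the level-0 rules overriding it.
    unscoped: ids of level-0 rules that carry no <if_sid> at all.
    """
    # A rules file can hold several top-level <group> elements, so wrap the
    # text in a synthetic root to parse it as a single XML document.
    root = ET.fromstring("<root>" + rules_xml + "</root>")
    silenced, unscoped = {}, []
    for rule in root.iter("rule"):
        if rule.get("level", "").strip() != "0":
            continue  # only level-0 rules suppress alerting and logging
        parents = []
        for node in rule.findall("if_sid"):
            # <if_sid> may list several ids separated by commas or spaces
            parents += [s for s in re.split(r"[,\s]+", node.text or "") if s]
        if not parents:
            unscoped.append(rule.get("id"))
        for sid in parents:
            silenced.setdefault(sid, []).append(rule.get("id"))
    return silenced, unscoped

if __name__ == "__main__":
    silenced, unscoped = audit_suppressions(SAMPLE_LOCAL_RULES)
    print("silenced parent rules:", silenced)
    print("level-0 rules without if_sid:", unscoped)
```
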
