For the ignore option (for silencing a rule for X seconds), does it
silence the rule for X seconds no matter the source IP or does it look
at the source ip?

My observation is that it silences the rule for X seconds no matter
the source IP. Ideally I would silence the IP for X seconds so that
after I've taken action (say ban for 30 minutes), then ossec wont have
to alert about it for 30 minutes too.

Thank you.

Reply via email to