Hi All,

When I see an alert which I do not want to be notified of (such as assorted things triggering rule 1002), on the central "server" instance, I edit /var/ossec/rules/local_rules.xml and add an anti-rule, specifying level="0" for the particular pattern-match. I then restart with /var/ossec/bin/ossec-control restart.

It seems to take a very long time for that change to propagate & take effect on the "agents". Do I need to do something to manually make the updates apply across the board, or can I alter some setting to make the updates a bit more immediate?

Cheers,
--
Chris Phillips
