Probably not what you want, but best I can come up with at the moment: <rule stuff="more_required"> <blah /> <location>SERVER1</location> <srcip>192.168.11.310</srcip> </rule>
On Mon, Jan 9, 2012 at 1:29 PM, Jason 'XenoPhage' Frisvold <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > white_list is a global option in ossec.conf .. But is there an easy > way to whitelist by server? For instance, I want to whitelist some > web developer IPs on the web servers, but I don't want them > whitelisted on other servers such as database or storage servers. I > don't see a very easy way to do this, though.. > > Thoughts? > > - -- > - --------------------------- > Jason 'XenoPhage' Frisvold > [email protected] > - --------------------------- > > "Any sufficiently advanced magic is indistinguishable from technology.\" > - - Niven's Inverse of Clarke's Third Law > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.18 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk8LMhQACgkQO80o6DJ8Uvn0+gCfWZGS1Wu6LZHoK/zO6OviRcp1 > ATsAn3ojJ1+LA7PU7x9//X1gMXcO4RI8 > =B9hT > -----END PGP SIGNATURE-----
