It'll be tough to help if you XXX all the logs. Create a rule to ignore messages you don't want to see. In this case, <if_sid>1002</if_sid> and <match>XXX</match>.

On Feb 8, 2012 10:37 AM, "culley" <[email protected]> wrote:
> So I have Nagios as well as OSSEC on the same system, and because OSSEC is
> set to check /var/log/messages I inadvertently receive email if Nagios
> can't connect/check the remote hosts for whatever reason.
>
> Like so:
>
> Receive From : XXXXXX-> /var/log/messages
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
>
> Portion of log(s):
>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
> How would I go about changing the level for /var/log/message so it
> only sends mail when a higher alert is logged, or is there a different
> solution entirely to prevent OSSEC alerting about Nagios?
>
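The child rule suggested in the reply, written out as an added example (not part of the original thread) for the manager's local_rules.xml. The rule id 100100 and the match string "nagios" are assumptions: the real log text was redacted as XXX, so substitute a string that actually appears in the unwanted lines.

```xml
<!-- Added example, not from the thread. Place in rules/local_rules.xml on the
     OSSEC manager and restart OSSEC so the rule is loaded. -->
<group name="local,syslog,">

  <!-- id 100100 is an assumed, unused id in the range reserved for local rules
       (100000 and up). -->
  <rule id="100100" level="0">
    <!-- Only evaluated for events that already matched rule 1002,
         "Unknown problem somewhere in the system." -->
    <if_sid>1002</if_sid>
    <!-- Assumed placeholder for the redacted log text. Keep it as narrow as
         possible so other rule 1002 events still alert. -->
    <match>nagios</match>
    <!-- Level 0 means the event is ignored: no alert and no email. -->
    <description>Ignore Nagios check failures caught by rule 1002.</description>
  </rule>

</group>
```

Running a saved copy of one of the offending lines through bin/ossec-logtest shows whether the event now ends at rule 100100 instead of 1002.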
