Sorry, here is an example portion of logs. There are 7 types of logs, as I have 7 services monitored on Nagios.

Feb 8 15:56:04 GL-KLINK nagios: SERVICE ALERT: host-xx;Thunderbird Version;CRITICAL;HARD;1;Connection refused or timed out

Sam Culley
Sent from my iPhone 4

On 8 Feb 2012, at 15:40, "dan (ddp)" <[email protected]> wrote:

> It'll be tough to help if you XXX all the logs.
> Create a rule to ignore messages you don't want to see. In this case
> <if_sid>1002</if_sid> and <match>XXX</match>
>
> On Feb 8, 2012 10:37 AM, "culley" <[email protected]> wrote:
> So I have Nagios as well as OSSEC on the same system and because OSSEC is
> set to check /var/log/messages I inadvertently receive email if Nagios
> can't connect/check the remote hosts for whatever reason.
>
> Like so
>
> Receive From : XXXXXX-> /var/log/messages
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
> system."
>
> Portion of log(s):
>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
> How would I go about changing the level for /var/log/message so it
> only sends mail when a higher alert is logged, or is there a different
> solution entirely to prevent OSSEC alerting about Nagios?
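
The rule suggested in the quoted reply, written out in full as an added example (it is not part of the original thread). The rule id 100100, the group name, and the choice to match on the `nagios` program name and the `SERVICE ALERT:` string are assumptions taken from the sample log line above; adjust them to the messages you actually want silenced.

```xml
<!-- Added example for local_rules.xml; id 100100 is an assumed free id in the local range -->
<group name="local,syslog,">
  <rule id="100100" level="0">
    <!-- Only evaluated for events that already matched rule 1002 -->
    <if_sid>1002</if_sid>
    <!-- Restrict to lines logged by the nagios process -->
    <program_name>^nagios$</program_name>
    <!-- Restrict to Nagios service-check alerts, not every nagios message -->
    <match>SERVICE ALERT:</match>
    <description>Ignore Nagios service alerts picked up by rule 1002.</description>
  </rule>
</group>
```

Pasting the sample log line into `ossec-logtest` shows whether the child rule fires at level 0 in place of rule 1002. Keeping both the program name and the match string narrow means other rule 1002 hits from /var/log/messages still alert.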
