Great, thanks. I have applied the rule; I will let you know when I can confirm it's working.
Sam

On 8 February 2012 19:59, dan (ddp) <[email protected]> wrote:
> On Wed, Feb 8, 2012 at 10:59 AM, Sam Culley <[email protected]> wrote:
> > Sorry, here is an example portion of logs; there are 7 types of logs as I have
> > 7 services monitored on Nagios.
> >
> > Feb 8 15:56:04 GL-KLINK nagios: SERVICE ALERT: host-xx;Thunderbird Version;CRITICAL;HARD;1;Connection refused or timed out
> >
>
> Filtering these out should be easy.
> Untested but has a good chance of working:
>
> <rule id="WHATEVER" level="0">
>   <if_sid>1002</if_sid>
>   <program_name>nagios</program_name>
>   <match>Connection refused or timed out$</match>
>   <description>I Don't want to see refused connections</description>
> </rule>
>
> > Sam Culley
> > Sent from my iPhone 4
> >
> > On 8 Feb 2012, at 15:40, "dan (ddp)" <[email protected]> wrote:
> >
> > It'll be tough to help if you XXX all the logs.
> > Create a rule to ignore messages you don't want to see. In this case
> > <if_sid>1002</if_sid> and <match>XXX</match>
> >
> > On Feb 8, 2012 10:37 AM, "culley" <[email protected]> wrote:
> >>
> >> So I have Nagios as well as OSSEC on the same system and because OSSEC is
> >> set to check /var/log/messages I inadvertently receive email if Nagios
> >> can't connect/check the remote hosts for whatever reason.
> >>
> >> Like so
> >>
> >> Receive From : XXXXXX-> /var/log/messages
> >> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the
> >> system."
> >>
> >> Portion of log(s):
> >>
> >> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> >>
> >> How would I go about changing the level for /var/log/message so it
> >> only sends mail when a higher alert is logged, or is there a different
> >> solution entirely to prevent OSSEC alerting about Nagios?
> >
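
Added example, not part of the thread and not OSSEC's own code: a Python check that mimics the two conditions of the rule suggested above (program name `nagios`, message ending in `Connection refused or timed out`) to show which lines the level-0 rule would swallow and which would still alert. The first sample is the log line quoted in the thread; the other three are constructed, the function names are hypothetical, and the matching is a simplified stand-in that assumes each line has already triggered rule 1002.

```python
import re

# Simplified syslog pre-decoding: "Mon D HH:MM:SS host program[pid]: message"
SYSLOG = re.compile(
    r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} (?P<host>\S+) "
    r"(?P<program>[^\s:\[]+)(?:\[\d+\])?: (?P<message>.*)$"
)

# Conditions copied from the rule in the thread.
# OSSEC treats program_name as a pattern; exact comparison keeps this sketch simple.
PROGRAM_NAME = "nagios"
MATCH_SUFFIX = "Connection refused or timed out"  # the rule anchors this with '$'


def is_suppressed(line: str) -> bool:
    """Return True if the level-0 rule would swallow this log line."""
    m = SYSLOG.match(line)
    if m is None:
        return False  # no syslog header, so no program name to compare
    if m.group("program") != PROGRAM_NAME:
        return False  # same text from another program keeps alerting
    # '$' in <match> means the text must end the message, not just appear in it
    return m.group("message").endswith(MATCH_SUFFIX)


def still_alerting(lines):
    """Lines that would continue to reach the parent rule's alert."""
    return [line for line in lines if not is_suppressed(line)]


SAMPLES = [
    # From the thread
    "Feb 8 15:56:04 GL-KLINK nagios: SERVICE ALERT: host-xx;Thunderbird "
    "Version;CRITICAL;HARD;1;Connection refused or timed out",
    # Constructed: different Nagios plugin output
    "Feb 8 15:57:10 GL-KLINK nagios: SERVICE ALERT: host-yy;Disk Space;"
    "CRITICAL;HARD;1;DISK CRITICAL - free space: / 120 MB (2%)",
    # Constructed: same ending, different program
    "Feb 8 15:58:31 GL-KLINK sshd[2211]: error: connect_to 10.0.0.5 "
    "port 22: Connection refused or timed out",
    # Constructed: phrase present but not at the end of the line
    "Feb 8 15:59:02 GL-KLINK nagios: SERVICE ALERT: host-xx;HTTP;"
    "CRITICAL;SOFT;1;Connection refused or timed out (attempt 1)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("suppressed" if is_suppressed(line) else "alerts    ", "|", line)
```

On the OSSEC host itself, `ossec-logtest` runs the same kind of check against the real decoders and rule set.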
