Yep, just write rules to ignore what you don't want to see. On Mar 8, 2012 12:07 PM, "Michael Barrett" <[email protected]> wrote:
> > Is there a way to configure the ossec agent to ignore specific windows > events? I have an application that is mis-behaving and its creating ossec > alerts for multiple windows events > > Rule: 18154 (level 10) -> 'Multiple Windows error events.' > > Can I configure OSSEC agent to eliminate rule 18154? > > *____________________________________________* > *Michael Barrett* <[email protected]>* *| *Information Security > Analyst - Lead* | *Mortgage Guaranty Insurance > Corporation*<http://www.mgic.com/> > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 > 1.888.601.4440 | * [email protected] > > This message is intended for use only by the person(s) addressed above and > may contain privileged and confidential information. Disclosure or use of > this message by any other person is strictly prohibited. If this message is > received in error, please notify the sender immediately and delete this > message. >
