the rule did show up in the output 2012/04/04 09:49:22 3 : rule:18153, level 10, timeout: 0
On Apr 4, 9:11 am, "dan (ddp)" <[email protected]> wrote: > Run ossec-logtest with the debug flag and make sure this rule shows up. > On Apr 4, 2012 10:08 AM, "nick talbot" <[email protected]> wrote: > > > > > > > > > Yes > > > /var/ossec/bin/ossec-control restart > > > On Apr 4, 8:51 am, "dan (ddp)" <[email protected]> wrote: > > > Did you restart the ossec processes on the manager? > > > On Apr 4, 2012 9:48 AM, "nick talbot" <[email protected]> wrote: > > > > > I have the following entry in my local_rules.xml, however i am still > > > > receiving email alerts on this rule. Should I also set it to 0 in the > > > > msauth_rules.xml? > > > > > <rule id="100030" level="0"> > > > > <if_sid>18153</if_sid> > > > > <description>List of rules to be ignored.</description> > > > > </rule>
