Does 10030 show up?
On Apr 4, 2012 11:42 AM, "nick talbot" <[email protected]> wrote:

> it did show up in the output
>
> 2012/04/04 09:23:17 3 : rule:18153, level 10, timeout: 0
>
> On Apr 4, 9:11 am, "dan (ddp)" <[email protected]> wrote:
> > Run ossec-logtest with the debug flag and make sure this rule shows up.
> > On Apr 4, 2012 10:08 AM, "nick talbot" <[email protected]> wrote:
> >
> > > Yes
> >
> > > /var/ossec/bin/ossec-control restart
> >
> > > On Apr 4, 8:51 am, "dan (ddp)" <[email protected]> wrote:
> > > > Did you restart the ossec processes on the manager?
> > > > On Apr 4, 2012 9:48 AM, "nick talbot" <[email protected]> wrote:
> >
> > > > > I have the following entry in my local_rules.xml, however I am still
> > > > > receiving email alerts on this rule.  Should I also set it to 0 in the
> > > > > msauth_rules.xml?
> >
> > > > >  <rule id="100030" level="0">
> > > > >    <if_sid>18153</if_sid>
> > > > >    <description>List of rules to be ignored.</description>
> > > > >  </rule>
