On Wed, Jul 25, 2012 at 10:47 AM, Leonardo Bacha Abrantes <[email protected]> wrote: > Hey people, > good morning! > > > how can I configure ossec to don't send emails by an specific rule for just > one client ? > > Rule: 35052 fired (level 9) -> "Multiple unauthorized attempts to use > proxy." > > I don't want to receive emails about it. I'll check it directlly in ossec > web ui. > > > > thanks! >
Write a rule to ignore it (or put it at a lower level). Something like this might work (hard to tell since I don't have a sample): <rule id="something or other" level="3"> <if_sid>35052</if_sid> <srcip>client ip</srcip> <description>Ignore stuff for client ip</description> </rule>
