Many thanks!!
On Wed, Jul 25, 2012 at 11:51 AM, dan (ddp) <[email protected]> wrote:
> On Wed, Jul 25, 2012 at 10:47 AM, Leonardo Bacha Abrantes
> <[email protected]> wrote:
> > Hey people,
> > good morning!
> >
> > how can I configure ossec to not send emails for a specific rule for
> > just one client?
> >
> > Rule: 35052 fired (level 9) -> "Multiple unauthorized attempts to use
> > proxy."
> >
> > I don't want to receive emails about it. I'll check it directly in ossec
> > web ui.
> >
> > thanks!
> >
>
> Write a rule to ignore it (or put it at a lower level). Something like
> this might work (hard to tell since I don't have a sample):
> <rule id="something or other" level="3">
>   <if_sid>35052</if_sid>
>   <srcip>client ip</srcip>
>   <description>Ignore stuff for client ip</description>
> </rule>
>
