Guys,
I created a rule and inserted it into local_rules.xml, but it is not
working.
<group name="web,accesslog,">
  <rule id="100201" level="5">
    <if_sid>31100</if_sid> <!-- I also tried putting the specific rule number (30119, 30118, etc.) -->
    <match>^client 192.168.21.18</match>
    <options>no_email_alert</options>
  </rule>
</group>
What is wrong with it?
Thanks!
On Mon, Sep 24, 2012 at 9:13 AM, Leonardo Bacha Abrantes <
[email protected]> wrote:
> yes! exactly this! :)
>
> On Sun, Sep 23, 2012 at 11:30 AM, JB <[email protected]> wrote:
>
>> Do you mean NOT to trigger alerts when the "Location" is
>> 'your.reverse.proxy.ip -> /var/log/httpd/access_log'?
>>
>>
>> On Friday, September 21, 2012 10:58:17 AM UTC-7, Leonardo Bacha Abrantes
>> wrote:
>>>
>>> Hey guys!
>>>
>>> I have a machine working as a reverse proxy that redirects requests to
>>> another machine, which is my webserver, and I am receiving a lot of alerts from
>>> my webserver that have the IP of my reverse proxy.
>>> I don't want to receive alerts from my webserver that have the IP of my
>>> reverse proxy.
>>>
>>> I found the rule below to ignore any alert, but how can I specify to ignore
>>> alerts only in access.log and error.log from the reverse proxy?
>>>
>>> <rule id="100123" level="0">
>>> <if_level>8</if_level>
>>> <srcip>*Ip of my reverse proxy*</srcip>
>>> <description>Ignoring any alert above level 8 that has MYIP
>>> decoded.</description>
>>> </rule>
>>>
>>> many thanks!
>
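
An added example, not part of the original thread: one way to write the suppression as level 0 rules that test the decoded srcip field, as the rule quoted at the bottom of the thread does, instead of a match on the raw log text. It assumes the proxy address 192.168.21.18 from the post and that the stock decoders extract srcip from these log lines; the rule IDs 100210 and 100211 and the descriptions are made up for the example.

```xml
<!-- Added example for local_rules.xml. Assumptions: proxy IP 192.168.21.18
     (from the post); 100210 and 100211 are arbitrary unused local rule IDs. -->
<group name="local,web,accesslog,">

  <!-- Access log events: child of 31100, the parent sid used in the post.
       Level 0 means the event is ignored and no alert is generated
       (level 5, as in the posted rule, would raise a new alert instead). -->
  <rule id="100210" level="0">
    <if_sid>31100</if_sid>
    <!-- Compare against the decoded source address, not the log text. -->
    <srcip>192.168.21.18</srcip>
    <description>Ignore access log events whose source is the reverse proxy.</description>
  </rule>

  <!-- Error log events: child of the specific rule IDs named in the post,
       so it is evaluated only after one of them has already matched. -->
  <rule id="100211" level="0">
    <if_sid>30118, 30119</if_sid>
    <srcip>192.168.21.18</srcip>
    <description>Ignore the named error log alerts when the client is the reverse proxy.</description>
  </rule>

</group>
```

Pasting a sample log line into /var/ossec/bin/ossec-logtest shows the decoded srcip and which rule finally fires. These rules silence every event that arrives through the proxy, so they trade alert volume for visibility unless the web server logs the original client address.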