On Tue, Sep 25, 2012 at 10:04 AM, Leonardo Bacha Abrantes <[email protected]> wrote: > Guys, > > I created a rule and inserted it into local_rules.xml, but it is not > working. > > <group name="web,accesslog,"> > <rule id="100201" level="5"> > <if_sid>31100</if_sid> #I also tried to put the specific number > of rule (30119, 30118,etc.) > <match>^client 192.168.21.18</match> > <options>no_email_alert</options> > </rule> > </group> > > what is wrong on it ? > > thanks! >
Your log sample didn't come through, or I missed it. Can you resend? > > > On Mon, Sep 24, 2012 at 9:13 AM, Leonardo Bacha Abrantes > <[email protected]> wrote: >> >> yes! exactly this! :) >> >> >> >> >> >> On Sun, Sep 23, 2012 at 11:30 AM, JB <[email protected]> wrote: >>> >>> Do you mean NOT to trigger alerts when the "Location" is >>> 'your.reverse.proxy.ip -> /var/log/httpd/access_log'? >>> >>> >>> On Friday, September 21, 2012 10:58:17 AM UTC-7, Leonardo Bacha Abrantes >>> wrote: >>>> >>>> Hey guys! >>>> >>>> I have a machine working a reverse proxy that redirect requests to >>>> another machine which is my webserver and am receiving a lot of alerts of >>>> my >>>> webserver that has the ip of my reverse proxy. >>>> I don't want to receive alerts of my webserver that has the ip of my >>>> reverse proxy. >>>> >>>> I found a rule below to ignore any alert but how can I specify to ignore >>>> alerts only in access.log and error.log from reverse proxy ? >>>> >>>> <rule id="100123" level="0"> >>>> <if_level>8</if_level> >>>> <srcip>Ip of my reverse proxy</srcip> >>>> <description>Ignoring any alert above level 8 that has MYIP >>>> decoded.</description> >>>> <rule> >>>> >>>> many thanks! >>>> >>>> >>>> >> >
