Hello!
I have read some of the similar posts, but can't seem to get it to work.
I'm trying to stop the following (syslog) message from generating an alert
- while the underlying cause is being dealt with:
    Feb 25 09:40:31.464 apf_foreignap.c:1281 APF-4-REGISTER_IPADD_ON_MSCB_FAILED: Could not Register IP Add on MSCB. MSCB still in init state. Address:00:40:96:a7:50:c6
I have added a rule to local_rules.xml:
    <!-- This was put in place to silence alerts generated by the Cisco WAC -->
    <rule id="100002" level="2">
      <if_sid>1002</if_sid>
      <srcip>192.168.x.y</srcip>
      <match>%APF-4-REGISTER_IPADD_ON_MSCB_FAILED: </match>
      <options>no_email_alert</options>
    </rule>
I have tried different match-strings, with/without ip-address but I can't
seem to get a hit on my custom filter when using the ossec-logtest binary
and the message keeps generating email alerts.
What have I got wrong?!
Fredrik