Sorry i'm new to ossec. I don't want to see logs generated by my scanner so TO and FROM the scanner IP. How can I tell where the process is breaking down?
On Thu, Mar 7, 2013 at 9:30 PM, dan (ddp) <[email protected]> wrote: > On Thu, Mar 7, 2013 at 10:20 PM, Michael Lubinski > <[email protected]> wrote: > > I cannot get a custom rule to work, a simple src or dst IP rule. > Whenever I > > try to add srcip to a rule its like the rule doesn't work. Here is an > > example > > > > <rule id="100031" level="0"> > > <srcip>x.x.x.x</srcip> > > <description>Ignoring traffic</description> > > </rule> > > > > > > What is the ultimate goal? Is srcip being decoded properly? What log > message is getting through that you don't want to see? Why do I have > to ask you to provide this information? > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
