On Thursday, March 7, 2013 10:32:51 PM UTC-5, Michael Lubinski wrote:
>
> Sorry I'm new to ossec.
>
> I don't want to see logs generated by my scanner so TO and FROM the scanner
> IP. How can I tell where the process is breaking down?
>

Easier said than done. Take each log message you don't want to see and create an ignore rule for it. It's a pain really.

> On Thu, Mar 7, 2013 at 9:30 PM, dan (ddp) <[email protected]> wrote:
>
>> On Thu, Mar 7, 2013 at 10:20 PM, Michael Lubinski
>> <[email protected]> wrote:
>> > I cannot get a custom rule to work, a simple src or dst IP rule. Whenever I
>> > try to add srcip to a rule it's like the rule doesn't work. Here is an
>> > example
>> >
>> > <rule id="100031" level="0">
>> >   <srcip>x.x.x.x</srcip>
>> >   <description>Ignoring traffic</description>
>> > </rule>
>>
>> What is the ultimate goal? Is srcip being decoded properly? What log
>> message is getting through that you don't want to see? Why do I have
>> to ask you to provide this information?

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
