So using srcip in this way wont work? On Thu, Mar 7, 2013 at 9:41 PM, dan (ddpbsd) <[email protected]> wrote:
> > > On Thursday, March 7, 2013 10:32:51 PM UTC-5, Michael Lubinski wrote: >> >> Sorry i'm new to ossec. >> >> > I don't want to see logs generated by my scanner so TO and FROM the >> scanner IP. How can I tell where the process is breaking down? >> >> > Easier said than done. Take each log message you don't want to see and > create an ignore rule for it. It's a pain really. > > >> >> On Thu, Mar 7, 2013 at 9:30 PM, dan (ddp) <[email protected]> wrote: >> >>> On Thu, Mar 7, 2013 at 10:20 PM, Michael Lubinski >>> <[email protected]> wrote: >>> > I cannot get a custom rule to work, a simple src or dst IP rule. >>> Whenever I >>> > try to add srcip to a rule its like the rule doesn't work. Here is an >>> > example >>> > >>> > <rule id="100031" level="0"> >>> > <srcip>x.x.x.x</srcip> >>> > <description>Ignoring traffic</description> >>> > </rule> >>> > >>> > >>> >>> What is the ultimate goal? Is srcip being decoded properly? What log >>> message is getting through that you don't want to see? Why do I have >>> to ask you to provide this information? >>> >>> > -- >>> > >>> > --- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an >>> > email to ossec-list+...@**googlegroups.com. >>> >>> > For more options, visit >>> > https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >>> . >>> > >>> > >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ossec-list+...@**googlegroups.com. >>> >>> For more options, visit >>> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >>> . >>> >>> >>> >> -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
