On Thursday, March 7, 2013 10:43:35 PM UTC-5, Michael Lubinski wrote:
>
> So using srcip in this way won't work?
>

Your initial email suggests that this does not work.

> On Thu, Mar 7, 2013 at 9:41 PM, dan (ddpbsd) <[email protected]> wrote:
>
>> On Thursday, March 7, 2013 10:32:51 PM UTC-5, Michael Lubinski wrote:
>>>
>>> Sorry I'm new to ossec.
>>>
>>> I don't want to see logs generated by my scanner so TO and FROM the
>>> scanner IP. How can I tell where the process is breaking down?
>>>
>>
>> Easier said than done. Take each log message you don't want to see and
>> create an ignore rule for it. It's a pain really.
>>
>>> On Thu, Mar 7, 2013 at 9:30 PM, dan (ddp) <[email protected]> wrote:
>>>
>>>> On Thu, Mar 7, 2013 at 10:20 PM, Michael Lubinski
>>>> <[email protected]> wrote:
>>>> > I cannot get a custom rule to work, a simple src or dst IP rule. Whenever I
>>>> > try to add srcip to a rule it's like the rule doesn't work. Here is an
>>>> > example
>>>> >
>>>> > <rule id="100031" level="0">
>>>> >   <srcip>x.x.x.x</srcip>
>>>> >   <description>Ignoring traffic</description>
>>>> > </rule>
>>>> >
>>>>
>>>> What is the ultimate goal? Is srcip being decoded properly? What log
>>>> message is getting through that you don't want to see? Why do I have
>>>> to ask you to provide this information?
>>>>
>>>> > --
>>>> >
>>>> > ---
>>>> > You received this message because you are subscribed to the Google Groups
>>>> > "ossec-list" group.
>>>> > To unsubscribe from this group and stop receiving emails from it, send an
>>>> > email to ossec-list+...@googlegroups.com.
>>>> > For more options, visit
>>>> > https://groups.google.com/groups/opt_out.
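An added example, not part of the thread and not the OSSEC project's own rules: one way to write the per-message ignore rules dan describes, each tied with `<if_sid>` to the rule that produced the unwanted alert. The scanner address 192.0.2.10, the local rule ids, and the parent id 5716 are assumptions; take the real parent id from your own alert.

```xml
<!-- local_rules.xml (added example; ids and addresses are assumptions) -->
<group name="local,">

  <!-- Traffic FROM the scanner.
       5716 is assumed to be the rule that fired for the unwanted alert;
       replace it with the rule id printed in your own alert.
       The match only succeeds if the decoder for that log line
       actually extracts a srcip field. -->
  <rule id="100031" level="0">
    <if_sid>5716</if_sid>
    <srcip>192.0.2.10</srcip>
    <description>Ignore alert 5716 when the source is the scanner</description>
  </rule>

  <!-- Traffic TO the scanner.
       REPLACE_WITH_FIRED_RULE_ID is a placeholder, not a real id.
       dstip is only available for log formats whose decoder
       extracts a destination address. -->
  <rule id="100032" level="0">
    <if_sid>REPLACE_WITH_FIRED_RULE_ID</if_sid>
    <dstip>192.0.2.10</dstip>
    <description>Ignore the same alert when the destination is the scanner</description>
  </rule>

</group>
```

Pasting one of the unwanted log lines into `/var/ossec/bin/ossec-logtest` shows whether `srcip` was decoded and which rule id fired, which answers the two questions dan asks above.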
