Hi. I am passing the logs from my Cisco Wireless Lan Controllers through to OSSEC. One of the events that I am interested in is when rogue wireless access points are detected. Unfortunately, the events are issued for each wireless access point that detects the rogue, not just the controller.
I tried using FTS, which works partially in that I can trigger an alert just once. What I would like to be able to do is trigger an alert just once per day, so if the same device appears the next day I still get an alert. Is this possible? Thanks -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
