On 07.07.2013 14:02, Janelle wrote:
Hello,
Being somewhat new to OSSEC (about 8 months now), one feature I used
a
lot was the ability to silence a noisy rule. A typical example is
1002, which in some environments can be very noisy. The method I read
about was to duplicate the rule in local_rules.xml but change the
level to "0". This has worked fine with dozens of rules that were
false positives in the past all the way thru v 2.7. Now, however,
with
2.7.1 I keep getting duplicate rule errors and ossec fails to start.
Even if I add overwrite="yes" to the rule (which I did not have to do
before just to change the level).
Do your rules include 'overwrite="yes"'?
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
