On Wed, Jul 24, 2013 at 9:27 AM, Macaulay Dias Souza <[email protected]> wrote:
> I added these rules; so far it seems to be working.
>
>> <rule id="700679" level="0">
>> <if_sid>18152</if_sid>
>> <hostname>SSP001001-006</hostname>
>> <description>Ignore multiples login failures</description>
>>
>> </rule>
>
>
> But not to block 1002 and yes to 18152
>
> To ignore the 1002
>

I thought I had linked to this, but if not here it is again:
http://ossec.net/doc/faq/alerts.html#how-do-i-ignore-rule-1002

> Srv-monitor OTRS-otrs.GenericAgent.pl-10[4230]:
> [Error][Kernel::System::DB::new][Line:227]: Access denied for user
> 'otrs'@'localhost' (using password: YES)
> Srv-monitor /USR/SBIN/CRON[4226]: (CRON) error (grandchild #4228 failed with
> exit status 255)
> Srv-monitor OTRS-otrs.PostMasterMailbox.pl-10[4232]:
> [Error][Kernel::System::DB::new][Line:227]: Access denied for user
> 'otrs'@'localhost' (using password: YES)
> Srv-monitor /USR/SBIN/CRON[4225]: (CRON) error (grandchild #4229 failed with
> exit status 255)
> Srv-monitor OTRS-otrs.GenericAgent.pl-10[4233]:
> [Error][Kernel::System::DB::new][Line:227]: Access denied for user
> 'otrs'@'localhost' (using password: YES)
> Srv-monitor /USR/SBIN/CRON[4227]: (CRON) error (grandchild #4231 failed with
> exit status 255)
>
> Will I have to create rules so that when it finds this text I ignore it?
> For example:
>
>> <rule id="101002" level="0">
>> <if_sid>1002</if_sid>
>> <program_name>^canitd</program_name>
>> <match>Srv-monitor /USR/SBIN/CRON[4227]: (CRON) error (grandchild
>> #4231 failed with exit status 255)</match>
>> </rule>
>
>
> Correct?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
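
The kind of override the linked FAQ entry describes, applied to the two messages quoted in this thread. This is an added example, not rules posted by anyone in the thread; the rule ids 100100 and 100101, the group name and the descriptions are constructed, and it assumes both messages are currently alerting through rule 1002 as the poster reports.

```xml
<!-- Added example: local overrides for the two messages quoted above.
     Rule ids 100100/100101 and the descriptions are constructed. -->
<group name="local,syslog,">

  <!-- OTRS scripts failing their database login. Matching on the stable
       part of the message covers both GenericAgent.pl and
       PostMasterMailbox.pl and does not depend on the PID in brackets. -->
  <rule id="100100" level="0">
    <if_sid>1002</if_sid>
    <match>Access denied for user 'otrs'@'localhost'</match>
    <description>Ignore OTRS database login errors caught by rule 1002</description>
  </rule>

  <!-- cron reporting the failed child process. The PIDs (4225, 4229, ...)
       change on every run, so they are left out of the pattern. -->
  <rule id="100101" level="0">
    <if_sid>1002</if_sid>
    <match>failed with exit status 255</match>
    <description>Ignore cron grandchild exit status 255 caught by rule 1002</description>
  </rule>

</group>
```

Level 0 drops the alert entirely, so the narrower the match the less unrelated log traffic is silenced; pasting one of the quoted log lines into `ossec-logtest` shows which rule it ends on.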
