On Thu, Oct 24, 2013 at 9:23 AM, Stephan Gomes Higuti <[email protected]> wrote: > Hello Guys, > > I'd like to know if is possible to configure ossec for ignoring a time > period. > Ex: Where I work, we've got our change process, and we install up to 8 > changes a day. > The problem is, ossec is generating lots of notifications of new files, > change files, etc, because this changes may be new files or updated versions > of existent files. > So, I wanna configure ossec for ignore syscheck and stuff from 7:00pm to > 8:00pm, and in this period, the changes will be applied, and then at 8:00, > ossec will "resume" operations normally, but will ignore all changes that > happened during that time. > Is that possible? >
You could try creating a rule to ignore sycheck alerts using the time option: http://ossec.net/doc/syntax/head_rules.html#element-time > Regards,, > > Stephan Gomes Higuti > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
