On Thursday, January 2, 2014 6:13:55 PM UTC-5, dan (ddpbsd) wrote: > > On Thu, Jan 2, 2014 at 6:10 PM, dan (ddp) <[email protected] <javascript:>> > wrote: > > I'll have to jump on a computer later to test. Rulea still do not belong > on > > the agents. Never have, never will. I'll try to add a faq entry on that. > > > > Oops, I can't seem to find the log sample. > I've got it working now, I had duplicated the rules in the file because my VI skillz are like that :) I am using the names without wild cards separated with pipe "|", and once I restarted the whole server, not just ossec it began working/ignoring. I am using lowercase names in the rule even though the names are uppercase when I entered them as agents. I have not tried with wildcards and I don't think I will since I only have a handful to ignore on. Basically OSSEC is duplicating the effort with that alert and it's a chatty/large alert for us. Thanks for the tips nonetheless! -rich
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
