On Wed, Apr 16, 2014 at 4:28 AM, Jan Andrasko <[email protected]> wrote: > Hello Evan, > > rule 1002 matches every log which contains these words: > > <var name="BAD_WORDS">core_dumped|failure|error|attack|bad |illegal > |denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted</var> > > and is by default configured to aler by email > > <rule id="1002" level="2"> > <match>$BAD_WORDS</match> > <options>alert_by_email</options> > <description>Unknown problem somewhere in the system.</description> > </rule> > > You can create new local rule to override this for either only iptables or > all events with ID 1002 >
Which we consider a really bad idea. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
