My problem is a meta data. For example, i get this alert 2014 Nov 17 17:04:10 integrity checksum changed for: /usr/bin/perlbug
#stat /usr/bin/perlbug File: `/usr/bin/perlbug' Size: 36840 Blocks: 72 IO Block: 4096 regular file Device: fd00h/64768d Inode: 728123 Links: 1 Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2014-11-17 17:45:46.000000000 +0100 Modify: 2013-10-01 20:19:58.000000000 +0200 Change: 2014-11-17 17:02:29.000000000 +0100 I do not know the cause, but want to ignore this meta data change. Thank you. Le lundi 17 novembre 2014 13:55:10 UTC+1, dan (ddpbsd) a écrit : > > On Fri, Nov 14, 2014 at 7:48 AM, <[email protected] <javascript:>> > wrote: > > Hello Dan, > > > > Thank you for your answer. > > Specific reboot time for each server. > > > > IIRC, there are rule options that limit the rule to a specific time. Try > those. > > > Le jeudi 13 novembre 2014 18:28:54 UTC+1, dan (ddpbsd) a écrit : > >> > >> On Thu, Nov 13, 2014 at 12:24 PM, <[email protected]> wrote: > >> > > >> > > >> > Le jeudi 13 novembre 2014 17:50:42 UTC+1, dan (ddpbsd) a écrit : > >> >> > >> >> On Thu, Nov 13, 2014 at 11:48 AM, <[email protected]> wrote: > >> >> > Hello > >> >> > > >> >> > I want to ignore alerts when my client OSSEC reboots. > >> >> > What is a syntax? > >> >> > > >> >> > >> >> Which alerts specifically? Or all alerts after a reboot? > >> > > >> > > >> > All alerts of (checksum changed) during reboot. > >> > >> I don't know of a way to ignore those only during a reboot. You could > >> ignore them all the time, or accept them all the time. Unless you have > >> specific times you do reboots? > >> > >> >> > >> >> > >> >> > Thank you in advance. > >> >> > > >> >> > Regards, > >> >> > > >> >> > -- > >> >> > > >> >> > --- > >> >> > You received this message because you are subscribed to the Google > >> >> > Groups > >> >> > "ossec-list" group. > >> >> > To unsubscribe from this group and stop receiving emails from it, > >> >> > send > >> >> > an > >> >> > email to [email protected]. > >> >> > For more options, visit https://groups.google.com/d/optout. > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send > >> > an > >> > email to [email protected]. > >> > For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
