Hi Dan,
Is there any chance you could give me a simple example, please?
Is this rule any good for my need?
<group name="mygroup">
  <rule id="100002" level="0">
    <if_sid>31101</if_sid>
  </rule>
  <rule id="100004" level="2">
    <if_sid>1002</if_sid>
    <description>do not send by email</description>
  </rule>
</group>
Thank you
Fred
On Friday, 2 January 2015 13:49:28 UTC, Fred974 wrote:
>
> Hi,
>
> I keep receiving an email with the following content:
>
> OSSEC HIDS Notification.
>> 2015 Jan 02 12:00:01
>>
>> Received From: trinity->/var/log/maillog
>> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
>> Portion of the log(s):
>>
>> Jan 2 12:00:00 trinity smtpd[1161]: smtp-out: Error on session
>> 07918989899b62f0: Connection failed: No route to host
>>
>>
>>
>> --END OF NOTIFICATION
>
>
> I read that if OSSEC receives a log that it doesn’t know how to decode, it
> will generate an event 1002 - "Unknown problem somewhere in the system".
> The solution is to configure a minimal decoder to identify a unique field
> within the log so that OSSEC no longer considers the log unknown.
>
> Could someone please help me to understand how to apply this solution?
> I'll appreciate a simple example to get me on track.
>
> Thank you
>
>
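
The minimal decoder asked about above, paired with a narrowly scoped child of rule 1002, as an added example that is not part of the original thread or the OSSEC ruleset. The decoder name local-smtpd, the rule id 100010 and the group name are hypothetical, and the example assumes that no stock decoder already claims the program name smtpd.

```xml
<!-- /var/ossec/etc/local_decoder.xml -->
<!-- Minimal decoder: the program name from the syslog header is the
     unique field, so lines such as
       Jan 2 12:00:00 trinity smtpd[1161]: smtp-out: Error on session ...
     are tagged as local-smtpd (hypothetical name). -->
<decoder name="local-smtpd">
  <program_name>^smtpd</program_name>
</decoder>

<!-- /var/ossec/rules/local_rules.xml -->
<group name="local,smtpd,">
  <!-- Child of 1002 that applies only to events decoded as local-smtpd
       which contain this exact error text. The event is still logged at
       level 2, but no_email_alert keeps it out of the mail notifications.
       Every other 1002 event keeps its stock behaviour. -->
  <rule id="100010" level="2">
    <if_sid>1002</if_sid>
    <decoded_as>local-smtpd</decoded_as>
    <match>Connection failed: No route to host</match>
    <options>no_email_alert</options>
    <description>smtpd: outbound session failed, no route to host (not emailed)</description>
  </rule>
</group>
```

Pasting the log line from the notification into /var/ossec/bin/ossec-logtest shows which decoder and which rule id it ends up matching before the change is put into service.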