Did not test, but this match instead of a regex should do the trick:
<match>Account Name: SM_</match>
You can also set alert level to 0 and set:
<options>no_email_alert</options>
More info:
http://ossec-docs.readthedocs.org/en/latest/syntax/head_rules.html
On Thursday, 22 January 2015, 10:19:17 (UTC+1), Janis Zoldners wrote:
>
> Hello,
>
> I don't know how to filter out unneeded alerts, if alert contains 'Account
> Name: SM_randomstring', for example, SM_f9295f8bdec14ffe9
> Tried:
> <regex>Account Name:\s+SM+\.+\w</regex>
>
> How to filter out such alerts?
> Thank you!
>
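The suggestion in the reply above, assembled into a complete local rule. This is an added example, not part of the original thread; the rule ID 100100, the description text and the PARENT_RULE_ID placeholder are assumptions, since the thread does not say which rule produces the alert.

```xml
<!-- Added example: goes in local_rules.xml. -->
<group name="local,">

  <!-- 100100 is an arbitrary ID from the range reserved for
       user-defined rules (100000 and up). -->
  <rule id="100100" level="0">

    <!-- Placeholder: replace with the ID of the rule that currently
         fires on these events (it is printed in the alert itself as
         "Rule: NNNN"). Scoping the child to that one parent keeps the
         suppression from applying to unrelated events. -->
    <if_sid>PARENT_RULE_ID</if_sid>

    <!-- Literal substring match, as suggested in the reply. The spacing
         must be exactly what appears in the logged event. Note that this
         matches every account name beginning with "SM_", not only the
         randomly generated ones. -->
    <match>Account Name: SM_</match>

    <!-- Level 0 already means "no alert"; no_email_alert is kept here
         because the reply recommends setting both. -->
    <options>no_email_alert</options>

    <description>Ignore events for SM_ accounts.</description>
  </rule>

</group>
```

Paste a full sample event into ossec-logtest after adding the rule to confirm that rule 100100 is the one that matches before restarting OSSEC.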