On Friday, November 13, 2015 at 12:17:09 PM UTC-5, dan (ddpbsd) wrote: > > Ok, this information is working for me as well. I have tested it on a > local install and an agent/server install (changing the hostname as > appropriate). > > Is the agent name testserver? Do the hostname of the system and the > agent name match? >
Yes, that all matches up. In fact, I've tried with multiple hostnames or just one hostname, and each time the logtest catches it as "Level: '0' - Description: 'Ignore MIP Alerts'"no matter what I throw at it, but the emails/alerts keep coming in as "Rule: 1002 fired (level 2)". I'm even waiting for the email to come in, grabbing the "Portion of the log(s):" from the email and pasting it into the logtest, and each time it comes up as "Level: '0' - Description: 'Ignore MIP Alerts'". -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.