Hi, agents forward all log messages to the server. I assume what you want is to tune the rules, so they stop generating alerts for some cases. That can be done cloning the rule in local_rules.xml, using overwrite option and lowering the level to "0" (or using "noalert" parameter).
Hope that helps On Wed, Dec 9, 2015 at 3:58 PM, Zekicker <[email protected]> wrote: > Hello, > > I have some localfile directives to collect logs in ossec.conf i.e. in > global config. > How can I ignore few localfile logs with custom agent.conf ? > > Thank you ! > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
