I would say you need to quiet that rule. You can either set the email alert threshold higher, or silence that particular rule.
I haven't seen that rule, but I definitely wouldn't like to get an email every time my iptables drops a packet or denies a connection. Best regards On Tue, Jan 19, 2016 at 10:55 AM, Jim Gallaher <[email protected]> wrote: > Hi everyone. I get about twelve emails an hour about rule 1002 iptables > denied. I've done some reading that you can set a rule to not send you > those emails, but others caution against it. > > Is it a good idea to set up a rule that doesn't send send an email if > iptables denies a request? > > Thanks, Jim Gallaher > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
