On Feb 26, 2016 8:34 AM, "Evros Nireas" <[email protected]> wrote: > > Hello All, > > I have 2 Linux machines have already installed ossec agent.I succesfully disable this rule like this > (ossec_rules.xml) > > <--!rule id="554" level="0">
Since the rule is level 0, and the functionality is disabledby default, are you sure this is the rule that's firing? > <category>ossec</category> > <decoded_as>syscheck_new_entry</decoded_as> > <description>File added to the system.</description> > <group>syscheck,</group> > </rule--!> > That may also be correct, but generally I comment out things with "<!--" and "-->". > but the other one still send mail whenever a new file add to folder.How could i disable this rule recommended way? > Is one of these machines an ossec server, or do they both have local installations? If they are both local installations, you'll have to repeat the process on the second system. > Regards > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
