Dear All,

If I make changes to my local_rules.xml and add some rules in there to effectively whitelist some false positives which happen as an environment starts building (i.e. make them associate to level 0), and then I want to test my new local_rules.xml without having to destroy and start a new environment again, is there a way to wipe clean the alerts file and get OSSEC to do its precoding, decoding stuff from all the received log entries from the OSSEC agents from fresh? So effectively have a fresh alerts file which implements my new changes in the local_rules.xml file.

Cheers
