The original 1002 rule is still triggered and sent to my mail every day. My rule is ignored for some reason.

Victor Fernandez <[email protected]> wrote: (15 February 2017 18:04:05 CET)
>Hi,
>
>I think that your configuration is correct. What's exactly the problem that
>you have? I mean, is the rule 1002 still appearing even with that message,
>or does the rule 3752 appear at the alert log?
>
>Best regards.
>
>On Tue, Feb 14, 2017 at 4:11 PM, <[email protected]> wrote:
>
>> Hi! I'm trying to remove these notifications from mailscanner.
>>
>> OSSEC HIDS Notification.
>> 2017 Feb 14 06:29:41
>>
>> Received From: hostname->/var/log/syslog
>> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
>> Portion of the log(s):
>>
>> Feb 14 06:29:39 hostname update.bad.phishing.sites: Phishing bad sites list updated
>>
>> --END OF NOTIFICATION
>>
>> I've tried to make a rule for it but it's not working. Any help is
>> appreciated!
>>
>> <rule id="3752" level="0">
>>   <if_sid>1002</if_sid>
>>   <match>update.bad.phishing.sites: Phishing bad sites list updated</match>
>>   <description>Ignore mailscanner update messages.</description>
>> </rule>
>>
>> --
>> Göran Lundberg
>> --
>> This message has been scanned for viruses and
>> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
>> believed to be clean.
>>
>> --
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>
>--
>Victor M. Fernandez-Castro
>IT Security Engineer
>Wazuh Inc.
