Hi all,
I'm running into an issue where rule 510 is triggering and I'm getting
spammed with alerts but I can't seem to tune it correctly. What's weird is
that I am still getting alerted for rule 510 for this log, but I can't
figure out how to get that to show in logtest. Basically, I am getting
spammed with rule 510 and trying to filter it down more, and here is what
happens when I enter the log in logtest: .... Any ideas on how to fix
this?

**Phase 1: Completed pre-decoding.
       full event: 'File '/filepath/' is owned by root and has written permissions to anyone.'
       hostname: 'hostname'
       program_name: '(null)'
       log: 'File '/filepath/' is owned by root and has written permissions to anyone.'

**Phase 2: Completed decoding.
       decoder: 'sample_decoder_setup'
       id: '/filepath/'