We recently been getting the following message from OSSEC:
OSSEC HIDS Notification. 2017 Oct 27 09:40:01 Received From: (lxbandt2) 10.8.6.31->/var/log/messages Rule: 5104 fired (level 8) -> "Interface entered in promiscuous(sniffing) mode." Portion of the log(s): Oct 27 09:39:59 lxbandt2 kernel: device eth10 entered promiscuous mode --END OF NOTIFICATION Question Is there a way to ignore this message (other that are similar) as we determine that this is not a issue for the server (It seems like Oracle is running a process) If this is possible to whitelist or somehow have OSSEC ignore this specific warning. If so – where do we code this. I am running OSSEC 2.8.1 on the client and server. Thanks in advance Stephen LuShing Hofstra University - Open System 125 Hofstra University McEwen Hall - Room 208 Hempstead, NY 11549 -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
