The context is /var/log/syslog monitoring. I have one system which is
generating numerous messages which I don't want to receive alerts for. I
would prefer to avoid a rules-based approach because I'm just beginning to
understand OSSEC, and others with less knowledge than I have need to be able to
administer it as well. I want to exclude certain messages from syslog
evaluation and noticed the ability to use a command (such as 'grep -v ...
???') under localfile.
Is this a reasonable solution to my requirement?
(If this is a reasonable solution)
Do I also need to use the full_command and frequency options or will
just specifying syslog as the log_format suffice?
I assume that I will need to configure /var/log/syslog monitoring on
each system, since configuring it in agent.conf and having a different
configuration on the specific system would produce conflicting
configuration, correct?
Thanks for your help.
--
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
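As an added illustration of the two localfile forms the question compares (this is example configuration written for this page, not anything from the original post or from the OSSEC project's documentation), the fragment below shows a plain syslog localfile next to a command-based one, and an agent.conf block scoped to a single agent. The host name `noisy-host` and the excluded pattern `noisy-daemon` are placeholders; the 60-second frequency is an arbitrary choice.

```xml
<!-- Added example, not from the original post. Names and patterns are placeholders. -->
<ossec_config>
  <!-- Form 1: OSSEC tails the file itself. Each new line becomes one event.
       No <command> or <frequency> is involved; exclusions would live in rules. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/syslog</location>
  </localfile>

  <!-- Form 2: OSSEC runs the command every <frequency> seconds and treats each
       line of its output as a separate event. "noisy-daemon" is a placeholder
       for whatever should be dropped before evaluation. -->
  <localfile>
    <log_format>command</log_format>
    <command>grep -v 'noisy-daemon' /var/log/syslog</command>
    <frequency>60</frequency>
  </localfile>
</ossec_config>

<!-- agent.conf: the name attribute limits this block to one agent, so the
     other agents keep their own localfile settings without conflict. -->
<agent_config name="noisy-host">
  <localfile>
    <log_format>command</log_format>
    <command>grep -v 'noisy-daemon' /var/log/syslog</command>
    <frequency>60</frequency>
  </localfile>
</agent_config>
```

Two caveats worth checking before relying on form 2: `command` re-reads the whole file on every run, so lines that were already reported are emitted again each cycle unless the command itself restricts what it prints, and `full_command` differs in that the entire output of one run is submitted as a single event rather than line by line. Whether the resulting alert volume is acceptable is easy to verify by watching the agent's alerts for a couple of frequency intervals after enabling the block.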