Now that you told me that, I notice that _index in Kibana Discover says: wazuh-alert. How can I stop OSSEC from storing alerts and logs about this rule?

On Wed, 19 Sep 2018 at 17:52, dan (ddp) <[email protected]> wrote:

> On Wed, Sep 19, 2018 at 11:43 AM Stefano Serano <[email protected]> wrote:
> >
> > Hi.
> > I added this custom rule on local rules:
> >
> > <rule id="800001" level="0">
> >   <if_sid>5710</if_sid>
> >   <description> ignore SSH</description>
> >   <description>failed logins</description>
> > </rule>
> >
> > This stops sending me mail alerts, but I can still see logs being generated in Kibana. What can I do?
> >
>
> Is the alert showing up in Kibana, or the log message?
> If it's just the log message you must have something else pushing them into Elasticsearch.
>
> If it's the 5710 alert, make sure the OSSEC server processes have been restarted.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
