Update: I see that even that location is /var/log/secure, so maybe it is a log? Sorry, but I'm a bit of a newbie with OSSEC.
On Wed, 19 Sep 2018 at 17:56, Stefano Serano <[email protected]> wrote:
> Now that you have told me that, I notice that _index in Kibana Discover says:
> wazuh-alert.
> How can I stop OSSEC from storing the alert and log for this rule?
>
> On Wed, 19 Sep 2018 at 17:52, dan (ddp) <[email protected]> wrote:
>> On Wed, Sep 19, 2018 at 11:43 AM Stefano Serano <[email protected]> wrote:
>> >
>> > Hi.
>> > I added this custom rule to local rules:
>> >
>> > <rule id="800001" level="0">
>> >   <if_sid>5710</if_sid>
>> >   <description>ignore SSH</description>
>> >   <description>failed logins</description>
>> > </rule>
>> >
>> > This stops the mail alerts being sent to me, but I can still see the log
>> > being generated in Kibana. What can I do?
>> >
>>
>> Is the alert showing up in Kibana, or the log message?
>> If it's just the log message, you must have something else pushing them
>> into Elasticsearch.
>>
>> If it's the 5710 alert, make sure the OSSEC server processes have been
>> restarted.
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to [email protected].
>> > For more options, visit https://groups.google.com/d/optout.
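As an added check that is not part of the thread above: the quickest way to tell whether the override in local_rules.xml has actually been loaded (dan's "make sure the OSSEC server processes have been restarted") is to feed a sample sshd line through ossec-logtest and read back which rule it reports. Rule 5710 in the stock sshd rules matches "invalid user" attempts, so that is the line used here; a failed password for an existing user is matched by a different rule (5716) and is not covered by an override of 5710 alone. The script assumes OSSEC is installed under /var/ossec (the OSSEC_LOGTEST variable overrides that path) and that the override rule id is 800001, as posted. The sample log line and the expected logtest output are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the thread: verify that a local_rules.xml override of
# rule 5710 has been loaded by running a sample sshd line through ossec-logtest
# and reading the rule id and level it reports.
# Assumptions: OSSEC under /var/ossec (override with OSSEC_LOGTEST) and an
# override rule id of 800001, as in the posted rule.

OSSEC_LOGTEST="${OSSEC_LOGTEST:-/var/ossec/bin/ossec-logtest}"

# Constructed sample: an sshd "invalid user" line, which is what rule 5710 matches.
SAMPLE='Sep 19 17:40:01 host sshd[12345]: Invalid user admin from 192.0.2.10 port 51234'

# ossec-logtest prints lines such as "Rule id: '5710'" and "Level: '5'";
# strip the quotes and pull out the number.
parse_rule_id() {
  printf '%s\n' "$1" | tr -d "'" | sed -n 's/.*Rule id: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}
parse_level() {
  printf '%s\n' "$1" | tr -d "'" | sed -n 's/.*Level: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Classify a logtest result. Returns 0 when the override fired (800001 at
# level 0), 1 when the stock 5710 still fires (rules not reloaded), 2 otherwise.
check_override() {
  rid=$(parse_rule_id "$1")
  lvl=$(parse_level "$1")
  if [ "$rid" = "800001" ] && [ "$lvl" = "0" ]; then
    echo "override active: rule $rid level $lvl (alert suppressed)"
    return 0
  elif [ "$rid" = "5710" ]; then
    echo "rule 5710 still fires at level $lvl: restart the server (/var/ossec/bin/ossec-control restart)"
    return 1
  else
    echo "unexpected result: rule '$rid' level '$lvl'"
    return 2
  fi
}

# Run the real check against a local OSSEC install.
run_check() {
  if [ -x "$OSSEC_LOGTEST" ]; then
    check_override "$(printf '%s\n' "$SAMPLE" | "$OSSEC_LOGTEST" 2>&1)"
  else
    echo "ossec-logtest not found at $OSSEC_LOGTEST" >&2
    return 2
  fi
}

# Usage: sh check_override.sh --run   (after editing local_rules.xml and restarting)
if [ "${1:-}" = "--run" ]; then
  run_check
fi
```

If the script reports that 5710 still fires after a restart, the override has not been picked up at all (wrong file, or the rule file is not included); if it reports 800001 at level 0 but the events still reach the wazuh-alert index, the server is no longer alerting on them and, as dan says, whatever ships data into Elasticsearch is the next place to look.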
