Hi all,
I am running the latest OSSEC and getting the following emails (lots of them):
OSSEC HIDS Notification.
2018 Oct 10 13:05:36
Received From: nlbslPws1->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 10 13:05:34 nlbslPws1 bro_dns: 1539191117.237505 Cm7plw22kNVV4IKZl1 172.16.90.80 40652 172.16.64.44 53 udp 30263 apollo.ntis.gov - - - - 0 NOERROR T F F T 0 10.124.229.22 86400.000000 F
I added in my syslog_rules.xml the following:
<rule id="400001" level="0">
<if_sid>1002</if_sid>
<program_name>bro_dns</program_name>
<match>NOERROR$</match>
<description>ignore this message</description>
</rule>
I am still getting the emails.
Any idea what I am missing?
Thanks
Monah
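Added example, not part of Monah's post or of OSSEC itself: a small Python model of how the posted rule is evaluated against the quoted bro_dns line. It assumes OSSEC `<match>` semantics as a case-insensitive substring test with `^`/`$` as start/end anchors and `|` for alternatives, assumes the match is tested against the message after the `program_name:` prefix, and uses an assumed subset of the BAD_WORDS list behind stock rule 1002; the sample log line is the one from the post, rejoined into the single line the analysis daemon sees.

```python
import re

# Constructed sample: the bro_dns line from the post, rejoined into the single
# syslog line that ossec-analysisd actually sees (the mail client wrapped it).
SAMPLE_LOG = (
    "Oct 10 13:05:34 nlbslPws1 bro_dns: 1539191117.237505 "
    "Cm7plw22kNVV4IKZl1 172.16.90.80 40652 172.16.64.44 53 udp 30263 "
    "apollo.ntis.gov - - - - 0 NOERROR T F F T 0 10.124.229.22 86400.000000 F"
)

# Assumed subset of the BAD_WORDS variable behind stock rule 1002; the list
# shipped in syslog_rules.xml is longer.
BAD_WORDS = ["core_dumped", "failure", "error", "attack", "denied",
             "refused", "fatal", "failed"]

# The child rule exactly as posted, and the same rule without the trailing "$".
POSTED_RULE = {"id": 400001, "program_name": "bro_dns", "match": "NOERROR$"}
FIXED_RULE = {"id": 400001, "program_name": "bro_dns", "match": "NOERROR"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^:\s\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)


def parse_syslog(line):
    """Split a BSD-syslog line into the fields the syslog decoder exposes
    (timestamp, hostname, program_name, message)."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog line: %r" % line)
    return m.groupdict()


def ossec_match(pattern, text):
    """Approximation of OSSEC <match>: case-insensitive substring test, where a
    leading '^' anchors to the start and a trailing '$' anchors to the end.
    Alternatives separated by '|' are tried in turn."""
    text = text.lower()
    for alt in pattern.split("|"):
        at_start = alt.startswith("^")
        at_end = alt.endswith("$")
        core = alt[1 if at_start else 0:len(alt) - 1 if at_end else len(alt)].lower()
        if at_start and at_end:
            hit = text == core
        elif at_start:
            hit = text.startswith(core)
        elif at_end:
            hit = text.endswith(core)
        else:
            hit = core in text
        if hit:
            return True
    return False


def first_bad_word(msg):
    """Return the BAD_WORDS entry that makes rule 1002 fire, or None."""
    for word in BAD_WORDS:
        if ossec_match(word, msg):
            return word
    return None


def rule_matches(rule, parsed):
    """Would this child rule of 1002 match the decoded line?"""
    if rule.get("program_name") and parsed["prog"] != rule["program_name"]:
        return False
    if rule.get("match") and not ossec_match(rule["match"], parsed["msg"]):
        return False
    return True


if __name__ == "__main__":
    p = parse_syslog(SAMPLE_LOG)
    print("program_name:", p["prog"])
    # "NOERROR" contains "error", which is why the level-2 catch-all fires.
    print("rule 1002 fires on bad word:", first_bad_word(p["msg"]))
    for r in (POSTED_RULE, FIXED_RULE):
        print("match %-10r -> %s" % (r["match"], rule_matches(r, p)))
```

Running it shows the posted `NOERROR$` never matches, because `NOERROR` is not the last token of the bro_dns line (it is followed by `T F F T 0 10.124.229.22 86400.000000 F`), while the unanchored `NOERROR` does. The real check is to paste the raw line into `/var/ossec/bin/ossec-logtest`, which prints the decoder output and the rule that wins; keeping such overrides in `local_rules.xml` rather than `syslog_rules.xml` also avoids losing them on the next upgrade.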
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.