Of course, my bad. This is how I set it up:
sshd
MYIP
no_email_alert
Ignore rule 5715 for host
5501
agent server hostname (ex. webserver01)
no_email_alert
Ignore rule 5501 for host
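For readers following along, the two local rules described in this thread could look like the sketch below. This is an added example, not the poster's actual configuration: the rule IDs 100001/100002, `level="0"`, the group name, the choice of `<match>` for `sshd`, and the placeholder address 192.0.2.10 (standing in for MYIP) are assumptions.

```xml
<!-- local_rules.xml: added example, not the poster's original file -->
<group name="local,syslog,sshd,">

  <!-- Child of 5715 (sshd: authentication success).
       Fires only for the trusted source address; level 0 means no alert. -->
  <rule id="100001" level="0">            <!-- rule id is an assumption -->
    <if_sid>5715</if_sid>
    <match>sshd</match>                    <!-- tag choice is an assumption -->
    <srcip>192.0.2.10</srcip>              <!-- placeholder for MYIP -->
    <options>no_email_alert</options>
    <description>Ignore rule 5715 for host</description>
  </rule>

  <!-- Child of 5501. That event carries no source IP,
       so the match is on the agent's hostname instead. -->
  <rule id="100002" level="0">            <!-- rule id is an assumption -->
    <if_sid>5501</if_sid>
    <hostname>webserver01</hostname>       <!-- agent server hostname -->
    <options>no_email_alert</options>
    <description>Ignore rule 5501 for host</description>
  </rule>

</group>
```

Keying the second rule on hostname silences 5501 for every login on that agent, not only those from the trusted address, so the 5715 rule is the one that carries the source restriction.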
On Wednesday, June 21, 2017 at 12:00:04 PM UTC+2, Jesus Linares wrote:
What hostname?
If you share your rules, you may help other users with the same issue.
Regards.
On Tuesday, June 20, 2017 at 2:31:57 PM UTC+2, Fredrik Hilmersson wrote:
Thanks a lot Jesus,
I did solve it by creating two local rules: one for rule 5715 matching the srcip, and one rule to match the hostname to ignore the 5501.
Kind regards,
Fredrik
On Tuesday, June 20, 2017 at 2:09:39 PM UTC+2, Jesus Linares wrote:
Hi Fredrik,
when you create a new ssh connection, the following alerts are generated:
** Alert 1497960059.10786: - syslog,sshd,authentication_success,pci_dss_10.2.5,
2017 Jun 20 12:00:59 ip-10-0-0-10->/var/log/auth.log
Rule: 5715 (level 3) -> 'sshd: authentication success.'
Src IP: