
List:       ossec-list
Subject:    Re: [ossec-list] I'd like to ignore these...
From:       Steven Stern <subscribed-lists () sterndata ! com>
Date:       2014-08-25 13:22:05
Message-ID: 53FB387D.10607 () sterndata ! com


Thanks very much!

On 08/23/2014 06:29 AM, Binet, Valere (NIH/NIA/IRP) [C] wrote:
> write a local rule in /var/ossec/rules/local_rules.xml
> 
> Your rule should look more or less like this
> <rule id="100001" level="0">
>   <if_sid>1002</if_sid>
>   <match>AH01797</match>
>   <description>Ignore AH01797 messages</description>
> </rule>
> 
> Replace 100001 with the next available ID if 100001 is already used by another
> rule.
> Hoping this helps.
> 
> Valere
> ________________________________________
> From: Steven Stern [subscribed-lists@sterndata.com]
> Sent: Friday, August 22, 2014 6:21 PM
> To: ossec-list@googlegroups.com
> Subject: [ossec-list] I'd like to ignore these...
> 
> What's the best way to get OSSEC to ignore this particular "error" in
> error_log? It's the result of .htaccess rules operating correctly, so I
> don't really need to get emails about it.
> 
> I suspect that I need to tell it to not notify me on a rule 1002 if
> "AH01797" is in the text, but I'm not sure how to do that.
> 
> OSSEC HIDS Notification.
> 2014 Aug 22 17:14:00
> 
> Received From:
> cumberland->/var/log/httpd/mywordpress.sterndata.com-error_log
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
> 
> [Fri Aug 22 17:14:00.115147 2014] [access_compat:error] [pid 16549]
> [client 93.120.14.206:55202] AH01797: client denied by server
> configuration: /var/www/mywordpress/wordpress/xmlrpc.php
> 
> --
> -- Steve
> 
> --
> 
> ---
> You received this message because you are subscribed to the Google Groups \
> "ossec-list" group. To unsubscribe from this group and stop receiving emails from \
> it, send an email to ossec-list+unsubscribe@googlegroups.com. For more options, \
> visit https://groups.google.com/d/optout. 


-- 
-- Steve
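
A simplified Python model of the parent/child rule evaluation that the quoted reply relies on, as an added example that is not part of the thread and is not OSSEC's own code. It assumes an abridged keyword list for rule 1002 and plain substring matching; every sample line except the first is constructed. It also shows that matching on AH01797 alone silences the message for any denied path, not only xmlrpc.php.

```python
import xml.etree.ElementTree as ET

# The rule as posted in the thread, wrapped in a <group> element.
LOCAL_RULES = """<group name="local,">
<rule id="100001" level="0">
  <if_sid>1002</if_sid>
  <match>AH01797</match>
  <description>Ignore AH01797 messages</description>
</rule>
</group>"""

# Assumption: abridged stand-in for the keyword list behind rule 1002.
PARENT_ID, PARENT_LEVEL = "1002", 2
PARENT_WORDS = ("error", "denied", "failed", "refused")

# First line is the one from the thread; the other three are constructed.
SAMPLE = [
    "[Fri Aug 22 17:14:00.115147 2014] [access_compat:error] [pid 16549] [client 93.120.14.206:55202] AH01797: client denied by server configuration: /var/www/mywordpress/wordpress/xmlrpc.php",
    "[Fri Aug 22 17:14:05.000000 2014] [access_compat:error] [pid 16549] [client 192.0.2.10:40000] AH01797: client denied by server configuration: /var/www/mywordpress/wordpress/wp-config.php",
    "[Fri Aug 22 17:15:02.000000 2014] [core:error] [pid 16550] [client 192.0.2.10:40001] constructed example: request failed",
    "[Fri Aug 22 17:16:00.000000 2014] [mpm_prefork:notice] [pid 16000] resuming normal operations",
]

def load_children(xml_text):
    """Parse local rules into dicts: id, level, parent sid, literal match."""
    return [{"id": r.get("id"),
             "level": int(r.get("level")),
             "if_sid": r.findtext("if_sid").strip(),
             "match": r.findtext("match").strip()}
            for r in ET.fromstring(xml_text).iter("rule")]

def evaluate(line, children):
    """Return (rule_id, level) for a log line, or None if nothing fires."""
    # A child rule is only considered once its parent has matched.
    if not any(word in line for word in PARENT_WORDS):
        return None
    for child in children:
        if child["if_sid"] == PARENT_ID and child["match"] in line:
            return (child["id"], child["level"])
    return (PARENT_ID, PARENT_LEVEL)

def alerts(lines, xml_text=LOCAL_RULES):
    """Return (rule_id, line) pairs that still alert; level 0 is dropped."""
    children = load_children(xml_text)
    hits = [(evaluate(line, children), line) for line in lines]
    return [(hit[0], line) for hit, line in hits if hit and hit[1] > 0]

if __name__ == "__main__":
    for rule_id, line in alerts(SAMPLE):
        print(rule_id, line)
```

On a real installation the same check is done by pasting the log line into /var/ossec/bin/ossec-logtest after editing local_rules.xml.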


