[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: Re: [ossec-list] I need help to ignore a Host Login
From: "dan (ddp)" <ddpbsd () gmail ! com>
Date: 2016-08-17 18:58:43
Message-ID: CAMyQvMpdXXx07aQtEG_L6a0OGHq73dOLo-uTCj3=NMBhyOL59w () mail ! gmail ! com
[Download RAW message or body]
On Wed, Aug 17, 2016 at 2:50 PM, Pedro dal toe <pedrodaltoe@gmail.com> wrote:
> We are making monitoring by the Zabbix where Zabbix logs in máquna SSH and
> checks whether the line "INFO: Connected to the server" in
> /var/ossec/logs/ossec.log file, but we are getting login alerts.
> I sought some ignores or white lists, but found nehhum, if someone can help
> me thank you.
>
Without a log sample I can only provide a guess. Maybe something like
this in local_rules.xml:
<rule id="320000" level="0">
<if_sid>SID_OF_ALERT_YOU_ARE_SEEING</if_sid>
<srcip>IP_OF_ZABBIX</srcip>
<description>Ignore zabbix</description>
</rule>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic