<description>Ignore rule 5501 for host </description>
</rule>
Kind regards,
Fredrik
Jesus Linares
Jul 4, 2017, 2:00:53 PM
to ossec-list
Hi Fredrik,
Do you want to ignore rule 5501 if it is fired by your script? Is it not enough with the hostname and the user?
Regards.
dan (ddp)
Jul 5, 2017, 9:46:49 PM
to ossec...@googlegroups.com
Where do you plan on getting the time from? The timestamps in the logs
are stripped off and not evaluated.
Jesus Linares
Jul 7, 2017, 6:11:33 AM
to ossec-list
I did end up doing this, user and hostname. However, this isn't the 'optimal' solution, as I do prefer to get alerts from the user + hostname at other times than ignoring it every half an hour. I will look more into the element time later on, and see if there's a way to achieve what I was trying to do.