
[ossec-list] feature request: whitelist



Good Evening, Everyone!

I've been using ossec for about a week now and have one proposal for a 
feature. Some rules (like the 102-rule) are very broad and trigger on a lot 
of occasions. On my boxes, this frequently happens, since error messages in my 
programs often contain the word error in the URL, hence the rule 102 fires 
whenever someone checks some error messages out. A very common program - 
awstats - also uses the term error in urls.

Is it possible to whitelist some programs or to check some rules only on 
specific parts of the error channel? (Since apache is already checked by some 
rules, I would like to whitelist it at the syslog module.)

Second point is rule 3013, which is fired a lot in high-traffic times with 
missing robot.txts or favicon.icos. I would also like to have a whitelist 
there. Is that already possible?

Thanks in advance,
Lars



OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.