Our wiki has some information about it: http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules Some examples here: http://www.ossec.net/rules/?f=local_rules.xml If that doesn't help, can you show us an example of the rules/events that you want to filter? We would need to know the exact windows event ID and rule that is generating it.. Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 10/31/06, Black CryptoKnight <black_cryptoknight@xxxxxxxxx> wrote:
Hi, I installed OSSEC-9.3 on a Windows 2000 Domain Controller, and I am getting several alerts related to "Windows Logon Success" for type 3 logins (network). How can I filter out these type 3 logins, but still be notified of logins at the console (type 2 - interactive)? Visit Jamaica's Tech Portal http://www.techjamaica.com ________________________________ Everyone is raving about the all-new Yahoo! Mail.