[ossec-list] Whitelisting specific syslog message
Hi,
There is a syslog message that triggers rule 1002 for syslog, which is
about alerting on certain keywords. The message happens when we try to
set up an ssh tunnel when the port has already been used by someone else
and has the keyword "error" generated by sshd. I don't want to remove
the keyword from rule 1002 or even less ignore the rule completely, but
I was wondering if there was a way to whitelist certain specific syslog
messages? I could not find the information in the wiki, so I hope I
didn't just overlook it :-)
Thanks,
Steve Johnson
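
An added example, not part of the original post and not taken from the OSSEC project's shipped rules: a single message can be suppressed without touching rule 1002 by adding a level-0 child rule to `local_rules.xml`. The rule id `100100`, the group name and the `<match>` text are assumptions; the post does not quote the exact sshd message, so a placeholder stands in for it.

```xml
<!-- local_rules.xml: added example, values marked below are assumptions -->
<group name="local,syslog,">

  <!-- Child of rule 1002: only evaluated for events that already
       matched the keyword rule, so rule 1002 itself stays unchanged. -->
  <rule id="100100" level="0">           <!-- id is an assumed free local id -->
    <if_sid>1002</if_sid>

    <!-- Restrict the exception to messages logged by sshd -->
    <program_name>^sshd</program_name>

    <!-- Placeholder: replace with the exact text of the tunnel/bind
         message as it appears in your syslog. Keep it as specific as
         possible so other sshd "error" lines still alert. -->
    <match>REPLACE_WITH_EXACT_SSHD_MESSAGE_TEXT</match>

    <!-- Level 0 means the event is matched but no alert is generated -->
    <description>Ignored: sshd tunnel port already in use.</description>
  </rule>

</group>
```

Pasting the real log line into `ossec-logtest` shows whether the event now ends at the level-0 rule instead of rule 1002.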
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.