
[ossec-list] Re: How to modify the rules with a local_rules.xml?



Hi Kay!

For the rule id you can choose any free number, I think. Just take a
look for your last rule number and use the following one :)


cheers!

On Thu, 2007-02-15 at 10:03 -0800, Kayvan A. Sylvan wrote:
> On Wed, Feb 14, 2007 at 10:52:50PM -0400, Daniel Cid wrote:
> > 
> > Hi Kayvan,
> > 
> > The following link has some information about it:
> > 
> > http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules
> > 
> > For your situation, the following local rule would work:
> > 
> > <rule id="xyz" level="0">
> >   <if_sid>1002</if_sid>
> >   <match>getpeername failed</match>
> >   <description>Ignoring getpeername failed</description>
> > </rule>
> 
> Are the rules matched by id number? (i.e. Rule 1, then Rule 2, then
> Rules 3, etc.)
> 
> What should the rule id be for the above?
> 
> 			---Kayvan
-- 
Nicolas Arias
Security  Officer
+54 11 4109 1885 
+54 9 11 5455 0055
nicolas.arias@xxxxxxxxxxx 
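
The advice in this reply (find the last rule number in use and take the following one), as an added example that is not part of the original thread or of OSSEC itself: a small Python helper that lists the rule ids found in rule-file text and returns the next free one. The 100000-119999 range for local rules, the function names and the sample rules are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed id range for locally defined rules; adjust to your convention.
LOCAL_MIN, LOCAL_MAX = 100000, 119999

# Matches the numeric id attribute of a <rule ...> opening tag.
RULE_ID = re.compile(r'<rule\s[^>]*?\bid\s*=\s*"(\d+)"')
COMMENT = re.compile(r'<!--.*?-->', re.S)


def used_ids(rules_text):
    """Return every numeric rule id in the text, ignoring XML comments."""
    return [int(n) for n in RULE_ID.findall(COMMENT.sub('', rules_text))]


def duplicate_ids(ids):
    """Ids defined more than once (a sign of a numbering collision)."""
    return sorted(i for i, n in Counter(ids).items() if n > 1)


def next_free_id(ids, lo=LOCAL_MIN, hi=LOCAL_MAX):
    """Last id used inside [lo, hi] plus one, or lo if the range is empty."""
    local = [i for i in ids if lo <= i <= hi]
    candidate = max(local) + 1 if local else lo
    if candidate > hi:
        raise ValueError("no free id left in the local range")
    return candidate


# Constructed sample: a stand-in for rule 1002 (named in the thread) and
# two local rules, one of them the "getpeername failed" rule quoted above.
SAMPLE = '''
<group name="syslog,">
  <rule id="1002" level="2"><description>Stand-in.</description></rule>
</group>
<group name="local,">
  <rule id="100001" level="0">
    <if_sid>1002</if_sid>
    <match>getpeername failed</match>
    <description>Ignoring getpeername failed</description>
  </rule>
  <!-- <rule id="100050" level="5"> disabled draft </rule> -->
  <rule level="3" id="100002">
    <description>Constructed second local rule.</description>
  </rule>
</group>
'''
```

Calling `next_free_id(used_ids(text))` on the concatenated contents of your rule files gives the id to put in place of `xyz`; a non-empty `duplicate_ids(...)` result means two rules already share a number.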




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.