[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Hmmm... More on ignoring certain alerts

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: Hmmm... More on ignoring certain alerts
From: "Kayvan A. Sylvan" <kayvan@xxxxxxxxxx>
Date: Fri, 16 Feb 2007 17:36:49 -0800
Content-disposition: inline

On Fri, Feb 16, 2007 at 01:30:13PM -0500, Mark Haney wrote:
> 
> Kayvan A. Sylvan wrote:
> >Okay, following up on ignoring certain alerts:
> >Part of my local_rules.xml is:
> > <rule id="100070" level="0">
> >    <if_sid>1002</if_sid>
> >    <match>smbd\.*   Denied connection from  (0.0.0.0)</match>
> >    <description>Ignoring smbd denied connection from</description>
> >  </rule>
> 
> First guess, the <match> should be <regex> instead.  <match> will
> exactly match what it has in the rule and by this the log doesn't match.

Okay. Thanks.

Is there documentation on what are the tags that can be put in the xml file?

			---Kayvan
-- 
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)

Follow-Ups:
- [ossec-list] Re: Hmmm... More on ignoring certain alerts
  - From: Daniel Cid

References:
- [ossec-list] Hmmm... More on ignoring certain alerts
  - From: Kayvan A. Sylvan
- [ossec-list] Re: Hmmm... More on ignoring certain alerts
  - From: Mark Haney

Prev by Date: [ossec-list] No client configured. Exiting.
Next by Date: [ossec-list] Re: Hmmm... More on ignoring certain alerts
Previous by thread: [ossec-list] Re: Hmmm... More on ignoring certain alerts
Next by thread: [ossec-list] Re: Hmmm... More on ignoring certain alerts
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.