[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: SSH Brute Force Attacks and Alerting

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: SSH Brute Force Attacks and Alerting
From: Ben Ruset <ben.ruset@xxxxxxxxxxx>
Date: Wed, 02 May 2007 21:03:34 -0400
Cc: ossec-list@xxxxxxxxx
Content-transfer-encoding: 7bit

Well, am I right in assuming that the config should stop all rulesgreater than level 7 from being emailed?


Is rule level 1 more servere than rule level 16?

Thanks,
-ben

Tommy May wrote:

This was very helpful to me....(thanks to Daniel Cid)

http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules

This isn't just to ignore rules...this also tells you that you can ignore all rules "unless it matches a very specific pattern".

Hope this is helpful.

Tommy

Follow-Ups:
- [ossec-list] Re: SSH Brute Force Attacks and Alerting
  - From: Daniel Cid

References:
- [ossec-list] Re: SSH Brute Force Attacks and Alerting
  - From: Tommy May

Prev by Date: [ossec-list] Possible rootkit false positive for Debian? - Advice
Next by Date: [ossec-list] Re: [ossec-dev] Possible rootkit false positive for Debian? - Advice
Previous by thread: [ossec-list] Re: SSH Brute Force Attacks and Alerting
Next by thread: [ossec-list] Re: SSH Brute Force Attacks and Alerting
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.