
[ossec-list] filter rules on host and log file?



hi *,

i run ossec agent on several web servers where i monitor the system
files and the webserver log files.
now i ran into a problem with the rule

Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the
system."

this rule (in my understanding) is just a pattern matching of bad
words, or?
and here starts my problem ;)

there might be a session id in the webserver logfiles which includes the
three letters bad ...
there might be a valid html slide with the name terrorist
there might be a valid html slide with the name errorxyz ...

all this stuff fires up rule 1002 :)

therefore i don't want to apply the rule to the webserver log files
but of course to the system log files on this host ...
i don't have the slightest idea of how to manage this with the rules
section :)

ideas very welcome!

cheers
philipp
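
The false positives described in the post, reproduced as an added example (not part of the original message and not OSSEC's own code): it compares plain substring matching with token-bounded matching and with skipping the check based on the source log file. The two-word list, the log paths and the sample lines are constructed assumptions.

```python
import re

# Assumption: only the two words named in the post, not OSSEC's real word list.
BAD_WORDS = ("bad", "error")
# Assumption: hypothetical log directory whose lines skip the bad-word check.
EXCLUDED_PREFIXES = ("/var/log/apache2/",)

# Constructed sample events: (source log file, log line).
SAMPLE_EVENTS = [
    ("/var/log/apache2/access.log", 'GET /app?sid=7f3bad91c2 HTTP/1.1" 200 512'),
    ("/var/log/apache2/access.log", 'GET /slides/terrorist.html HTTP/1.1" 200 2048'),
    ("/var/log/apache2/access.log", 'GET /slides/errorxyz.html HTTP/1.1" 200 1024'),
    ("/var/log/messages", "kernel: EXT3-fs error (device sda1): unable to read inode block"),
    ("/var/log/messages", "sshd[411]: Bad protocol version identification"),
    ("/var/log/messages", "cron[902]: (root) CMD (run-parts /etc/cron.hourly)"),
]

# A bad word counts only when it is not glued to other letters or digits.
_TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9])(?:%s)(?![A-Za-z0-9])" % "|".join(map(re.escape, BAD_WORDS)),
    re.IGNORECASE,
)

def substring_hit(line):
    """Plain substring search: the behaviour the post describes."""
    lowered = line.lower()
    return any(word in lowered for word in BAD_WORDS)

def token_hit(line):
    """Match a bad word only as a stand-alone token."""
    return _TOKEN_RE.search(line) is not None

def scoped_hit(source, line):
    """Substring search, but never applied to the excluded log files."""
    if source.startswith(EXCLUDED_PREFIXES):
        return False
    return substring_hit(line)

def summarize(events):
    """Count how many events each strategy would alert on."""
    return {
        "substring": sum(substring_hit(line) for _, line in events),
        "token": sum(token_hit(line) for _, line in events),
        "scoped": sum(scoped_hit(src, line) for src, line in events),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

Both alternatives keep the two genuine system-log hits; scoping by source leaves the generic check untouched for system logs, while token matching changes what the check itself accepts.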





OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.