Hello ossec-list,

I am receiving many e-mail notifications about audit failure, for example:

OSSEC HIDS Notification.
2008 Dec 27 12:00:26

Received From: (<<Hostname>>) <<IP Address>>->WinEvtLog
Rule: 18105 fired (level 4) -> "Windows audit failure event."
Portion of the log(s):

WinEvtLog: Security: AUDIT_FAILURE(861): Security: <<Username>>: <<Hostname>>: <<Hostname>>: The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: <<Path of programm>> Process identifier: 1740 User account: <<Username>> User domain: <<Hostname>> Service: No RPC server: No IP version: IPv4 IP protocol: TCP Port number: <<Port used by programm>> Allowed: No User notified: No

--END OF NOTIFICATION

Question: How can I disable mail notification exactly for this program, or disable auditing for this program?

Thanks in advance.

--
Best regards,
Ashot mailto:[email protected]
