On Fri, Oct 1, 2010 at 10:36 AM, blacklight <vphu...@yahoo.com> wrote: > I just spoke with my boss - the method I ran by you is cumbersome and > lacks scalability. Is there a way to get whitelisting implemented at > the agent level? >
I outlined the 2 methods in my last email. To re-iterate: 1. Global whitelisting of IPs in ossec.conf 2. Using rules to whitelist on a rule-by-rule basis If you need another option, the code is available and the developers accept patches (as well as ideas, but I'd bet that patches are preferred ;)).
