Dan you are rock! last week we have put ossec in full production to meet PCI requirement and its rocking.. ( We have save 10 grand to cancelled TripWire quote )
Thanks all of you who participate in my queries.. -S On Mon, Apr 25, 2011 at 11:34 AM, dan (ddp) <ddp...@gmail.com> wrote: > Oh, add that to /var/ossec/rules/local_rules.xml and restart ossec. > > On Apr 25, 2011 11:32 AM, "dan (ddp)" <ddp...@gmail.com> wrote: >> On Apr 25, 2011 11:29 AM, "satish patel" <satish...@gmail.com> wrote: >>> >>> Hey Guys! >>> >>> Is there any quick way to remove unwanted rules from ossec ? even i >>> don't want alert or log them in file. (In short totally ignore).. I >>> want to remove following unwanted rules like following and etc... >>> >>> 591 - Log file rotated. >> >> <rule id="100000" level="0"> >> <if_sid>591</if_sid> >> </rule> >