Will it at least significantly reduce the amount of alerts in the alerts.log file? I just want to verify I am modifying the correct settings for reducing alerts.
On May 2, 1:38 pm, "dan (ddp)" <ddp...@gmail.com> wrote: > Probably not. Some rules, like 1002, always send email. > On May 2, 2012 1:37 PM, "A-Dubbs" <arlendelcasti...@gmail.com> wrote: > > > > > > > > > Will increasing the log alert level from 1 to 7 in the /var/ossec/etc/ > > ossec.conf file reduce the number of alerts < level 7 to zero alerts? > > > On Apr 30, 2:56 pm, "dan (ddp)" <ddp...@gmail.com> wrote: > > > Modifying the default rules directly isn't encouraged. Your changes > > > will be overwritten on an upgrade. You should add custom rules to > > > /var/ossec/rules/local_rules.xml. You can create custom rules to look > > > for new things the default rules don't cover, or to ignore rules that > > > are already in place. > > > > On Mon, Apr 30, 2012 at 2:42 PM, A-Dubbs <arlendelcasti...@gmail.com> > > wrote: > > > > I'm looking for the rules file for adjusting what gets logged for > > > > Microsoft Windows systems. Is msauth_rules.xml the correct file?
