Yeah. So at least I'm not crazy then. Can anyone else confirm this behavior?
On Thu, Mar 7, 2013 at 9:48 PM, dan (ddpbsd) <ddp...@gmail.com> wrote:

> On Thursday, March 7, 2013 10:43:35 PM UTC-5, Michael Lubinski wrote:
>>
>> So using srcip in this way won't work?
>
> Your initial email suggests that this does not work.
>
>> On Thu, Mar 7, 2013 at 9:41 PM, dan (ddpbsd) <ddp...@gmail.com> wrote:
>>
>>> On Thursday, March 7, 2013 10:32:51 PM UTC-5, Michael Lubinski wrote:
>>>>
>>>> Sorry I'm new to ossec.
>>>>
>>>> I don't want to see logs generated by my scanner so TO and FROM the
>>>> scanner IP. How can I tell where the process is breaking down?
>>>
>>> Easier said than done. Take each log message you don't want to see and
>>> create an ignore rule for it. It's a pain really.
>>>
>>>> On Thu, Mar 7, 2013 at 9:30 PM, dan (ddp) <ddp...@gmail.com> wrote:
>>>>
>>>>> On Thu, Mar 7, 2013 at 10:20 PM, Michael Lubinski
>>>>> <michael....@gmail.com> wrote:
>>>>> > I cannot get a custom rule to work, a simple src or dst IP rule. Whenever I
>>>>> > try to add srcip to a rule it's like the rule doesn't work. Here is an
>>>>> > example
>>>>> >
>>>>> > <rule id="100031" level="0">
>>>>> >   <srcip>x.x.x.x</srcip>
>>>>> >   <description>Ignoring traffic</description>
>>>>> > </rule>
>>>>>
>>>>> What is the ultimate goal? Is srcip being decoded properly? What log
>>>>> message is getting through that you don't want to see? Why do I have
>>>>> to ask you to provide this information?
>>>>>
>>>>> > --
>>>>> > ---
>>>>> > You received this message because you are subscribed to the Google Groups
>>>>> > "ossec-list" group.
>>>>> > To unsubscribe from this group and stop receiving emails from it, send an
>>>>> > email to ossec-list+...@googlegroups.com.
>>>>> > For more options, visit https://groups.google.com/groups/opt_out.