On 06/10/2015 05:08 AM, H.Merijn Brand wrote: > Running ossec-hids-2.8.1 on OpenSUSE 13.2 > > I have several (trusted) IP's in /var/ossec/etc/ossec.conf's <whitelist> > section, like > > --8<--- > <global> > <white_list>127.0.0.1</white_list> > <white_list>^localhost.localdomain$</white_list> > <white_list>1.2.3.4</white_list> > : > -->8--- > > but ossec still spews lots of messages like <snipped>
Whitelisting is for active response, not alerts. Write some rules to filter out the alerts you don't want to see. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
