Ok, not so much ignore, I am looking for a way to ban permanently any IP that tries to log in as root, but have a short ban for anyone just forgetting the password, fail more than 3 times and they get an increasing delay.
Ashley Drees 07956726775 > On 29 Jul 2015, at 13:31, Brent Morris <[email protected]> wrote: > > That won't work... > > I typically will overwrite an alert level if I want to ignore certain users. > > http://ossec-docs.readthedocs.org/en/latest/syntax/head_rules.html > > >> On Wednesday, July 29, 2015 at 3:09:43 AM UTC-7, Ashley Drees wrote: >> can i use <user>!root</user> in a rule to NOT match user root? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
