Hi, I am getting this alert form all the hosts -
*Mar 29 13:30:02 cmcloud kernel: [885866.238608] type=1400 audit(1459258202.301:67688): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=21882 comm="ps" requested_mask="trace" denied_mask="trace" peer="unconfined"* to disable this alerts i have written this - *<rule id="1000500" level="7">* *<options>no_email_alert</options>* *<match>apparmor="DENIED" profile="docker-default"</match>* *<description>IGNORED RULE</description>* *</rule>* and restarted the ossec master service, still getting same alert what am i missing here ? -- Regards, Sandeep -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.