On Wed, Aug 17, 2016 at 2:50 PM, Pedro dal toe <pedrodal...@gmail.com> wrote: > We are making monitoring by the Zabbix where Zabbix logs in máquna SSH and > checks whether the line "INFO: Connected to the server" in > /var/ossec/logs/ossec.log file, but we are getting login alerts. > I sought some ignores or white lists, but found nehhum, if someone can help > me thank you. >
Without a log sample I can only provide a guess. Maybe something like this in local_rules.xml: <rule id="320000" level="0"> <if_sid>SID_OF_ALERT_YOU_ARE_SEEING</if_sid> <srcip>IP_OF_ZABBIX</srcip> <description>Ignore zabbix</description> </rule> > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.