Hi! I'm trying to remove these notifications from mailscanner.
OSSEC HIDS Notification. 2017 Feb 14 06:29:41 Received From: hostname->/var/log/syslog Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): Feb 14 06:29:39 hostname update.bad.phishing.sites: Phishing bad sites list updated --END OF NOTIFICATION I've tried to make a rule for it but it's not working. Any help is appreciated! <rule id="3752" level="0"> <if_sid>1002</if_sid> <match>update.bad.phishing.sites: Phishing bad sites list updated</match> <description>Ignore mailscanner update messages.</description> </rule> -- Göran Lundberg -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.