out.
> This one is a tough one to test due to 18152's structure. I'd consider
> taking out the hostname field to start with, maybe see if that helps.
>
>
>
> On Wed, Apr 21, 2010 at 1:56 PM, fusspils wrote:
> > Thanks for your reply Dan,
>
> > I hav
Thanks for your reply Dan,
I have just tried what you suggested but still get the mails. I
restarted the OSSEC server with the same results. The rule now
reads..
On Apr 21, 2:06 pm, "dan (ddp)" wrote:
> Have you tried adding 18152?
>
>
>
> On Wed, Apr 21,
I have added the following to my local_rules.xml but I continue to get
the alerts emailed, am I missing something else?
BDC|PDC
10
LTDPM1$
Ignoring DPM Backup User
On Apr 19, 3:38 pm, fusspils wrote:
> Hi,
>
> I am constantly getting the Rule: 18152 fired
e/ the backup machines user?
I have found a way to disable the rule from firing but would like to
just avoid this one user.
Fusspils
--
Subscription settings: http://groups.google.com/group/ossec-list/subscribe?hl=en
