I would do something like this not sure if it is proper way.
<rule id="101016" level="0">
<if_sid>1002</if_sid>
<hostname>server1</hostname>
<match>Invalid command opcode:opcode=0x4D</match>
<description>Ignore</description>
</rule>
On Friday, June 26, 2015 at 3:52:09 AM UTC-6, Wforum Wforum wrote:
>
> Hi,
>
> I have a lot of errors in our syslog but they are not really an issue
> But I get lots of emails about it. How can I ignore these error so I don't
> get these mails anymore
>
> example
>
> Level: 2 - Unknown problem somewhere in the system.
> Rule Id:1002
> Location:(server1) 192.168.99.87->/var/log/messages
> Jun 25 23:02:48 server1 kernel: [1390135.682019] 3w-9xxx: scsi0: ERROR: (
> 0x03:0x0101): Invalid command opcode:opcode=0x4D
>
> Is there a way to suppress these messages.
>
> Thanks!!
>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
