I would do something like this not sure if it is proper way. <rule id="101016" level="0"> <if_sid>1002</if_sid> <hostname>server1</hostname> <match>Invalid command opcode:opcode=0x4D</match> <description>Ignore</description> </rule>
On Friday, June 26, 2015 at 3:52:09 AM UTC-6, Wforum Wforum wrote: > > Hi, > > I have a lot of errors in our syslog but they are not really an issue > But I get lots of emails about it. How can I ignore these error so I don't > get these mails anymore > > example > > Level: 2 - Unknown problem somewhere in the system. > Rule Id:1002 > Location:(server1) 192.168.99.87->/var/log/messages > Jun 25 23:02:48 server1 kernel: [1390135.682019] 3w-9xxx: scsi0: ERROR: ( > 0x03:0x0101): Invalid command opcode:opcode=0x4D > > Is there a way to suppress these messages. > > Thanks!! > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.