Project

General

Profile

Bug #218

no way to ignore events

Added by admin admin about 16 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Yoann VANDOORSELAERE
Target version:
0.9.9
Start date:
Due date:
% Done:

0%

Resolution:
fixed

Description

I'm trying to ignore cron events, for ex:

Apr 20 15:55:01 piche /USR/SBIN/CRONr29497: (root) CMD (/usr/share/vzctl/scripts/vpsreboot)

I've create a file cron.rules:

regex=CRON; \
 silent; \
 last

(tried with or without the silent line, no change)

and added the following to pcre.rules:

regex=CRON;                             include = cron.rules;

However, alerts are still sent to the manager (causing a nice flood of cron events ;)

prelude-lml 0.9.8.1 (debian unstable)

History

#1 Updated by Yoann VANDOORSELAERE about 16 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

(In r9408) Handle last keyword even if the rule does not contain any IDMEF assignement. Fix #218.

#2 Updated by Yoann VANDOORSELAERE about 14 years ago

  • Project changed from PRELUDE SIEM to Prelude-LML
  • Category deleted (4)
  • Target version deleted (0.9.9)

Also available in: Atom PDF