"Received From: srvcob->/var/log/messages Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
My server are sending a lot of level 2 alert emails. It’s so boring and in my point of view it’s completely unnecessary. So, how to disable it?
Go to
/var/ossec/rules
and then, edit this:
syslogd_rules.xml and comment this line:
<rule id="1002" level="2"> <match>$BAD_WORDS</match> <!-- <options>alert_by_email</options> --> <description>Unknown problem somewhere in the system.</description> </rule>
To restart the OSSEC service type:
/var/ossec/bin/ossec-control stop
/var/ossec/bin/ossec-control start
<< All Posts
Previous post:
How to block facebook to access your website using IPTABLES
How to block facebook to access your website using IPTABLES