How to disable email alert level 2 in OSSEC HIDS
"Received From: srvcob->/var/log/messages Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
My server is sending a lot of level 2 alert emails. It's so boring and, from my point of view, it's completely unnecessary. So, how to disable it?
Then edit syslogd_rules.xml and comment out the <options> line in this rule:
<rule id="1002" level="2">
  <match>$BAD_WORDS</match>
  <!-- <options>alert_by_email</options> -->
  <description>Unknown problem somewhere in the system.</description>
</rule>
To restart the OSSEC service, type: