Wonderful, thanks a lot!
My solution to the problem was to change the level to 5 instead of 10 for the rule, as alerts of level 6 and above (default setting) triggered a block of the IP.
Search found 3 matches
- Wed Jul 13, 2022 3:53 am
- Forum: Atomic OSSEC
- Topic: Matching certain rule crashes the system
- Replies: 5
- Views: 60999
- Wed Jul 06, 2022 9:44 am
- Forum: Atomic OSSEC
- Topic: Matching certain rule crashes the system
- Replies: 5
- Views: 60999
Re: Matching certain rule crashes the system
Yes, active response is on, and it looks like from the log that I have been blocking my own IP when triggering the rule... :o That actually explains a lot. Thanks for the help! Now I have to figure out how to not block an IP for triggering this error a single time. Any suggestions on which predefine...
- Wed Jul 06, 2022 4:45 am
- Forum: Atomic OSSEC
- Topic: Matching certain rule crashes the system
- Replies: 5
- Views: 60999
Matching certain rule crashes the system
Hi, I'm fairly new to OSSEC. I have a local OSSEC installation on an Ubuntu machine that acts as an Apache web server. I'm trying to identify fatal PHP errors through the Apache error log, and for this purpose I created a local rule (var/ossec/rules/local_rules.xml) as follows: <rule id="100103&...