Hi people!
I have set up OSSEC HIDS alerts on my OpenSearch. On one of my EC2 instances I have several snap partitions.
This causes OSSEC to send many disk space alerts about snapshots because it does not ignore those disks.
@message
{"rule":{"level":7,"comment":"Partition usage reached 100% (disk space monitor).","sidid":531},"location":"df -P","full_log":"ossec: output: 'df -P': /dev/loop5 108416 108416 0 100% /snap/core/16091"}
How and where should I configure a rule/exception?
Thank you so much!
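One way to write such an exception, as an added example that is not part of the original post: a level-0 child of rule 531 (the `sidid` in the alert above) placed in `local_rules.xml` on the OSSEC server, or on the host itself for a local install. The rule id 100531, the group name, and the default path `/var/ossec/rules/local_rules.xml` are assumptions.

```xml
<!-- /var/ossec/rules/local_rules.xml (default install path, assumed) -->
<group name="local,syslog,">

  <!-- Child of stock rule 531, "Partition usage reached 100% (disk space monitor)".
       Snap packages are mounted as read-only squashfs images on /dev/loopN,
       so df always reports them as 100% used. Level 0 means no alert is generated. -->
  <rule id="100531" level="0">
    <if_sid>531</if_sid>
    <!-- Both conditions must hold: a loop device AND a mount point under /snap/.
         A real partition that fills up still triggers rule 531. -->
    <match>/dev/loop</match>
    <regex>\s/snap/</regex>
    <description>Ignore 100% usage on read-only snap loop mounts.</description>
  </rule>

</group>
```

After restarting OSSEC, pasting the `full_log` line from the alert into `/var/ossec/bin/ossec-logtest` shows whether the child rule is the one that fires.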