Rule to ignore snap partition on HIDS events

Hi people!

I have set up OSSEC HIDS alerts on my OpenSearch, on one of my EC2 instances I have several snap partition.

This causes OSSEC to send many disk space alerts about snapshots because it does not ignore those disks.

@message
{"rule":{"level":7,"comment":"Partition usage reached 100% (disk space monitor).","sidid":531},"location":"df -P","full_log":"ossec: output: 'df -P': /dev/loop5          108416   108416         0     100% /snap/core/16091"}

How and where should I configure a rule/exception?

Thank you so much!

Topics

Serverless Analytics

Relevant content

Greengrass Snap on Ubuntu Core cannot execute NodeJS lambdas
Jips71
asked 5 years ago
setting alerts on opensearch dashboard and notifying through mail
rePost-User-6327287
asked 2 years ago
How can I resolve issues with ESA Snap on my AWS EC2 Windows Instance?
ika001
asked a year ago
Lambda Snap Start Restore Duration
AGS
asked 8 months ago
How do I monitor changes to security groups set up on my EC2 Linux instance using EventBridge and Amazon SNS?
AWS OFFICIALUpdated 3 years ago
How do I set up Amazon Inspector Classic to run security assessments on my Amazon EC2 instances?
AWS OFFICIALUpdated 2 years ago
What are the best practices to set up an email server on my EC2 Linux instance?
AWS OFFICIALUpdated 9 months ago
How do I use a partition on my hard drive to allocate memory to work as swap space on an Amazon EC2 instance?
AWS OFFICIALUpdated 10 months ago
VMware on AWS - How to restore NSX DFW firewall rules to previous state
EXPERT
Jagadeesh_Devaraj
published 9 months ago
Recovering a VMware Cloud on AWS VM backup to EC2 using AWS Backup
EXPERT
apylnev
published a year ago