X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=roles%2Faudit%2Ftemplates%2F33-avoid-flood.rules.j2;fp=roles%2Faudit%2Ftemplates%2F33-avoid-flood.rules.j2;h=ae877391865e0cedb92ed6f274a1f1fafa7f7384;hb=74a49ba6ef2ea715fa492db0bcd85c30398688e8;hp=0000000000000000000000000000000000000000;hpb=a936af362724cca0c5dc2c424902d398f9833410;p=ta%2Finfra-ansible.git
diff --git a/roles/audit/templates/33-avoid-flood.rules.j2 b/roles/audit/templates/33-avoid-flood.rules.j2
new file mode 100644
index 0000000..ae87739
--- /dev/null
+++ b/roles/audit/templates/33-avoid-flood.rules.j2
@@ -0,0 +1,4 @@
+## The purpose of this rule is to exclude reports that flooding normally the audit
+-a never,exit -F arch=b32 -S setsockopt
+-a never,exit -F arch=b64 -S setsockopt
+-a always,exclude -F msgtype=netfilter_cfg
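Review bot: The last rule, `-a always,exclude -F msgtype=netfilter_cfg`, drops every NETFILTER_CFG record, so firewall table changes (iptables/nftables) leave no audit trail on any host that receives this template, and the header comment does not say so. The two `never,exit` rules likewise suppress `setsockopt` for all processes and users rather than only for the source of the flood. If the noise comes from one known service, narrowing the syscall rules with a field such as `-F exe=<path of the noisy binary>` would keep the events from everything else; whether the target kernels support that field needs checking. At minimum the comment should record the trade-off, for example `## Suppress records that normally flood the audit log: setsockopt syscalls and NETFILTER_CFG messages. Firewall rule changes are NOT audited while this file is loaded.` Because audit rules are first-match, these `never` rules only take effect if they load before any `always,exit` rule that covers `setsockopt`. The `33-` prefix presumably handles that, but the other rule files are not visible here.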