Re: [ossec-list] OSSEC slack alerts for agents v2.9.0

Mon, 22 May 2017 07:54:08 -0700 

Hello Miguelangel!

I do not see any new rows regarding the agent-ossec.com (within the host 
active-response.log, only in the alerts.log).

Here's what you asked for from the ../etc/ossec.conf (server host)

    <command>

        <name>ossec-slack</name>

        <executable>ossec-slack.sh</executable>

        <expect></expect> <!-- no expect args required -->

        <timeout_allowed>no</timeout_allowed>

    </command>


    <active-response>

        <command>ossec-slack</command>

        <location>local</location>

        <level>7</level>

    </active-response>

Kind regards,
Fredrik

Den måndag 22 maj 2017 kl. 16:47:54 UTC+2 skrev Miguelangel Freitas:
>
> Hi Fredrik,
>
> Can you see in logs/active-responses.log any new row regarding (
> agent-ossec.com)?
>
> Could you share <command></command> and 
> <active-response></active-response> from etc/ossec.conf regarding slack 
> notification?, 
> thanks.
>
> Regards,
>
> On Sun, May 21, 2017 at 4:18 PM, Fredrik Hilmersson <
> f.hilm...@worldclearing.org <javascript:>> wrote:
>
>> I set up a OSSEC server along with an remote agent. The alert log file is 
>> populated with alerts regarding both the host and the agent. However, the 
>> integrated slack notification script only send reports regarding the host. 
>> The only difference within the log is how the hostnames are displayed, 
>> e.g., 2017-05-10, host-ossec.com.. and 2017-05-10, (agent-ossec.com). Is 
>> there anything i'm missing regarding my setup which causes the script to 
>> dismiss the agent alerts? Any tip or help is greatly appreciated.
>>
>> Kind regards,
>> Fredrik
>>
>> -- 
>>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ossec-list+...@googlegroups.com <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to