Hi Fredrik, check out the documentation about *integrator*: https://documentation.wazuh.com/current/user-manual/manager/output-options/manual-integration.html
I hope it helps. Regards.

On Monday, May 22, 2017 at 4:53:56 PM UTC+2, Fredrik Hilmersson wrote:
>
> Hello Miguelangel!
>
> I do not see any new rows regarding the agent-ossec.com (within the host
> active-response.log, only in the alerts.log).
>
> Here's what you asked for from the ../etc/ossec.conf (server host)
>
> <command>
>   <name>ossec-slack</name>
>   <executable>ossec-slack.sh</executable>
>   <expect></expect> <!-- no expect args required -->
>   <timeout_allowed>no</timeout_allowed>
> </command>
>
> <active-response>
>   <command>ossec-slack</command>
>   <location>local</location>
>   <level>7</level>
> </active-response>
>
> Kind regards,
> Fredrik
>
> On Monday, May 22, 2017 at 16:47:54 UTC+2, Miguelangel Freitas wrote:
>>
>> Hi Fredrik,
>>
>> Can you see in logs/active-responses.log any new row regarding
>> (agent-ossec.com)?
>>
>> Could you share <command></command> and
>> <active-response></active-response> from etc/ossec.conf regarding slack
>> notification?
>> Thanks.
>>
>> Regards,
>>
>> On Sun, May 21, 2017 at 4:18 PM, Fredrik Hilmersson <
>> f.hilm...@worldclearing.org> wrote:
>>
>>> I set up an OSSEC server along with a remote agent. The alert log file
>>> is populated with alerts regarding both the host and the agent. However,
>>> the integrated slack notification script only sends reports regarding the
>>> host. The only difference within the log is how the hostnames are
>>> displayed, e.g., 2017-05-10, host-ossec.com.. and 2017-05-10,
>>> (agent-ossec.com). Is there anything I'm missing regarding my setup
>>> which causes the script to dismiss the agent alerts? Any tip or help is
>>> greatly appreciated.
>>>
>>> Kind regards,
>>> Fredrik
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ossec-list+...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.