Hello again Jesus, As I did state, so we're not misunderstanding each other, I do not run the wazuh forked version, but the 2.9.0 OSSEC version. This is the configuration settings i've got:
ossec-slack.sh SLACKUSER="ossec" CHANNEL="#channel" SITE="https://hooks.slack.com/services/..." SOURCE="ossec2slack" ossec.conf <command> <name>ossec-slack</name> <executable>ossec-slack.sh</executable> <expect></expect> <!-- no expect args required --> <timeout_allowed>no</timeout_allowed> </command> <active-response> <command>ossec-slack</command> <location>local</location> <level>7</level> </active-response> Kind regards, Fredrik Den tisdag 23 maj 2017 kl. 11:08:51 UTC+2 skrev Jesus Linares: > > Hi Fredrik, > > this is the flow: > > - The integrator reads the alerts from alerts*.log *filtering by > *rule_id*, *level*, *group *or *event_location*. > - It executes the script using the arguments *hook_url *and *api_key*. > - The slack script send the alert to slack. > > Clarification: The host specific alerts are sent to slack but the agent >> alerts are being ignored. > > Review your integrator configuration, maybe you have a filter to get only > alerts in the current host. Share here the config. > > Regards. > > > On Tuesday, May 23, 2017 at 10:55:55 AM UTC+2, Fredrik Hilmersson wrote: >> >> Clarification: The host specific alerts are sent to slack but the agent >> alerts are being ignored. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.