Just wondering if anyone can help me identify as to why I'm not
receiving all email alerts from my Cisco router logs.
 
Here's a snip of my ossec.conf file:
 
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>1</email_alert_level>
  </alerts>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/cisco.log</location>
  </localfile>

Basically, I'm logging to a syslog server running FreeBSD. It's logging
everything fine, but I'm not receiving email alerts for all messages
logged even though I've set the <email_alert_level> to 1. For example, if
I enter global configuration mode on the router, this immediately gets
written to my syslog server and the router buffer as well - but why
isn't any email notification coming through for this sort of message? I
am receiving email alerts when someone tries to telnet to my router who
does not have access, as seen below:
 
OSSEC HIDS Notification.
2007 Aug 17 17:41:26
 
Received From: xyz.com ->/var/log/cisco.log
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):
 
Aug 17 17:41:26 xyz.com 681: Aug 17 17:41:24.776 AEST:
%SEC-6-IPACCESSLOGS: list 30 denied 124.254.75.141 1 packet
 
Thanks.
 
Andy
