Adding to this discussion, is it possible to have one particular rule
ID email me at [EMAIL PROTECTED] and not email the default email
address [EMAIL PROTECTED]?
I've applied the following rules below to ossec.conf and it's working
OK, but I'm getting two emails - one is sent to [EMAIL PROTECTED]
based on the <global> rules and another sent to my email address based
on the <email_alerts> rule. I just want rule ID 100002 to be sent to
my personal email address and not the entire sysadmin email address.
Thanks.
<global>
  <email_notification>yes</email_notification>
  <email_to>[EMAIL PROTECTED]</email_to>
  <smtp_server>mail.mydomain.com</smtp_server>
  <email_from>[EMAIL PROTECTED]</email_from>
</global>
<email_alerts>
  <email_to>[EMAIL PROTECTED]</email_to>
  <rule_id>100002</rule_id>
  <do_not_delay />
  <do_not_group />
</email_alerts>
<alerts>
  <log_alert_level>1</log_alert_level>
  <email_alert_level>4</email_alert_level>
</alerts>