Dan, I have yet to implement version 2 of the software, but I know in version 1.6 there was a default of 12 emails per hour or something along those lines.
You can look into the <email_maxperhour> tag that goes in the global section of the config and set that to something really high, say 9999. Jimi Dan Gherman wrote: > Hello, > I'm using the latest ossec (2.0) in this setup : one server and a few agents > connected to it . > Today,a strange issue occured : no more emails are sent when an event is > detected .Nothing changed,nobody modified the files .In the webui and > alerts.log the events show up . > In the ossec.log there is nothing noticing a problem .Also,in my maillog I > don't see any request from ossec for connection . > The email related part from ossec.conf looks like : > > <ossec_config> > <global> > <email_notification>yes</email_notification> > <email_to>r...@localhost</email_to> > <smtp_server>127.0.0.1</smtp_server> > <email_from>[email protected]</email_from> > </global> > <email_alerts> > <email_to>[email protected]</email_to> > <event_location>dan-home</event_location> > <level>2</level> > <do_not_delay /> > </email_alerts> > <email_alerts> > <email_to>[email protected]</email_to> > <event_location>agent1|agent2|agent3</event_location> > <level>2</level> > <do_not_delay /> > </email_alerts> > > I've seen that restarting ossec-control from server solves the > problem...temporary. In a few minutes it stops sending emails again . > > Where should I look to solve this ? > Thank you very much ! > >
