Hi Nick,

You can ungroup them globally by changing the file internal_options.conf (or creating a new one, local_internal_options.conf) and setting the value of maild.groupping to 0:

# Maild grouping (0=disabled, 1=enabled)
# Groups alerts within the same e-mail.
maild.groupping=1

By doing this the emails are not going to be grouped anymore. You also need to modify ossec.conf and set <email_maxperhour> to a large value (like 9999), because the default is a maximum of 12 emails per hour and all the others are grouped.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Wed, Apr 1, 2009 at 3:14 PM, Nick Stockhaus <[email protected]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The email grouping would be OK, if the only alerts in each email were
> related to the hostname in the subject. An email having SERVER1 as the
> subject may contain a single message from SERVER1, but then 15 messages
> about SERVER2. If I could A) make these emails group alerts, but only
> by host; or B) ungroup them completely, that would be very helpful. I
> see that there is the do_not_group option, but that does not apply
> globally. Does anybody know of a good way to accomplish A or B (while
> avoiding duplicate emails), so it acts as a global setting?
>
> Thank you,
>
> Nick
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJ068XkDsgSbs0/aYRArQLAKDNQE8W6s7beGdShMs03voezF3dHwCfRz1L
> 63Rl+YNEi4X4EoPuH21mI7Y=
> =jNdq
> -----END PGP SIGNATURE-----
>
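
The two changes described in the reply above, as an added shell example that is not part of the original thread or of OSSEC itself. Assumptions: the install prefix is passed as the first argument (commonly /var/ossec), the config files live in its etc/ directory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: $1 is the OSSEC install
# prefix (commonly /var/ossec) with its config files under $1/etc.

# Set maild.groupping=0 in local_internal_options.conf, replacing an existing
# maild.groupping line or appending one. Safe to run repeatedly.
disable_mail_grouping() {
    conf="$1/etc/local_internal_options.conf"
    [ -f "$conf" ] || : > "$conf"
    if grep -q '^[[:space:]]*maild\.groupping[[:space:]]*=' "$conf"; then
        tmp="$conf.tmp.$$"
        sed 's/^[[:space:]]*maild\.groupping[[:space:]]*=.*/maild.groupping=0/' \
            "$conf" > "$tmp" && cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        printf 'maild.groupping=0\n' >> "$conf"
    fi
}

# Print the <email_maxperhour> value found in ossec.conf, or 12 (the default
# stated in the reply) when the element is absent.
email_maxperhour() {
    v=$(sed -n 's/.*<email_maxperhour>[[:space:]]*\([0-9][0-9]*\)[[:space:]]*<\/email_maxperhour>.*/\1/p' \
        "$1/etc/ossec.conf" 2>/dev/null | tail -n 1)
    printf '%s\n' "${v:-12}"
}

# Report whether both changes are in place. $2 is the minimum acceptable
# email_maxperhour (defaults to 9999, the value suggested in the reply).
check_ungrouped() {
    want="${2:-9999}"
    grep -q '^maild\.groupping=0$' "$1/etc/local_internal_options.conf" 2>/dev/null \
        || { echo "grouping still enabled"; return 1; }
    [ "$(email_maxperhour "$1")" -ge "$want" ] \
        || { echo "email_maxperhour below $want"; return 1; }
    echo "ok"
}
```
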
