Hi.
I have ossec installed to monitor Active Directory.
I would like to have differenet emails sent to different people.
I have checked the ossec book and the manual but I still have an issue.
In the global section I have myself (m...@xxx...) as the primary email account
and I get all emails.
I have another email address called (itsupp...@xxx...) as a secondary
address.
I would like itsupport to get emails when rule 624 and 630 come up...
My config file below shows what is set up..
In the gobal section I have "me" and then in the <email_alerts> section I
have the it support email address.
<ossec_config>
<global>
<email_notification>yes</email_notification>
<email_to>[email protected]</email_to>
<smtp_server>mailserver1.xxx.xxx.xxx</smtp_server>
<email_from>[email protected]</email_from>
<email_maxperhour>20</email_maxperhour>
</global>
<email_alerts>
<email_to>[email protected]</email_to>
<rule_id>624,630</rule_id>
<do_not_delay />
<do_not_group />
</email_alerts>
My issues area:
1) Itsupport never gets emailed
2) Should the itsupport email definition be in the global section (I
believed I tried but that it did not work)?
3) If 2) is wrong where do you define this email setting?
4) Under <rule_id>, is this how you define diffenet rules e.g separated by
comma?
Thank for your help.
Louis
