Sorry to say this after posting to the list. I figured out how to group alerts. I am still a bit vague on the grouping and centralized management of the rules for remote servers running OSSEC agents.
On Wed, Dec 30, 2009 at 1:06 PM, Nicholas Ritter <[email protected]>wrote: > Is there a way to (in OSSEC v2.3) group servers/agents for alert > notification and rule customization/execution? I noticed that I can do it > based on event severity, but is it possible to do it based on individual > servers, or groups of servers? > > > > I have a centralized OSSEC system with OSSEC agents running on various > platforms, and I want to be able to send alerts for specific servers to > specific people. > > > > Ideally I would also like to be able to customize rules for specific > servers, but from the central OSSEC server. I know I can do this by editing > the rules on the remote server, but I though I read somewhere that I can do > this on the central server as well? > > > > Nick >
