Hello, i am new to ossec and since I notice I get huge amount of mails with alert reports I was wondering if ossec has the following capability built in : to configure it to send a single email with all alerts from wanted rules in a time range (ie day/week) instead of a single mail for every alert (except level 10 alerts which i want to be informed immediately). I can think one solution is to disable alert_by_email or set it to send only level 10 alerts and form cron jobs with linux commands like here : http://www.ossec.net/dcid/?p=153 . I just want all alerts between ie level 5 - level 9 to be queued and mailed in a single mail message every day and level 10 alerts to be mailed immediately. Is there any other solutions/suggestions?
Thanks in advance
