Hi Tyoma, Take a look at the granular alerting options: http://www.ossec.net/wiki/Know_How:GranularEmail
That should do what you want. thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Wed, Apr 7, 2010 at 12:28 PM, Tyoma Khmelnitsky <[email protected]> wrote: > Hello, > > I currently need to have ossec send the alert forward to a specific email > for a specific event out of the Syslog. In the ossec.conf I added an > <email_to> clause with the email and the severity level, but there it seems > like there is no <match> type of a clause to put there so it matches just a > specific rule out of syslog. Is it possible to somehow do this through > local_rules file? > > Thank you for your help, > Artyom > > > -- > To unsubscribe, reply using "remove me" as the subject. >
