Thank you Daniel. I knew about Granular, just was not aware of the rules
option. Thanks!
Daniel Cid wrote:
Hi Tyoma,
Take a look at the granular alerting options:
http://www.ossec.net/wiki/Know_How:GranularEmail
That should do what you want.
thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Wed, Apr 7, 2010 at 12:28 PM, Tyoma Khmelnitsky
<[email protected]> wrote:
Hello,
I currently need to have ossec send the alert forward to a specific email
for a specific event out of the Syslog. In the ossec.conf I added an
<email_to> clause with the email and the severity level, but there it seems
like there is no <match> type of a clause to put there so it matches just a
specific rule out of syslog. Is it possible to somehow do this through
local_rules file?
Thank you for your help,
Artyom
--
To unsubscribe, reply using "remove me" as the subject.
