Hi OSSEC List, I am new to OSSEC. I have it running on a few Linux and Windows hosts with more or less the default settings and I am very happy with it. I notice that when I log in to the OSSEC server I immediately receive an email notifying me that someone has logged in:
Received From: [email protected]>/var/log/secure<mailto:[email protected]%3e/var/log/secure> Rule: 10100 fired (level 4) -> "First time user logged in." I'd like to receive these notifications for all Linux agents, not just the server. How can I achieve this? "/var/log/secure" is specified for monitoring on both the server and the agents already but I only get the email notifications for the server. TIA and best regards, Max Williams
