What are your email settings?
If your email is the one in the
<global>
<email_notification>
you will get notifications about restarts.
Assaf
Michael Whitehead wrote:
Hello, each time I go to restart my Ossec, I get a notification
Received From: ossec->ossec-monitord
Rule: 502 fired (level 3) -> "Ossec server started."
Portion of the log(s):
ossec: Ossec started.
I also get level 5 notifications:
OSSEC HIDS Notification.
2010 Jun 21 10:03:25
Received From: ossec->/var/log/secure
Rule: 5710 fired (level 5) -> "Attempt to login using a non-existent user"
Portion of the log(s):
Jun 21 10:03:24 ossec sshd[18609]: Failed password for invalid user jimbo from 130.68.4.108 port 50939 ssh2
--END OF NOTIFICATION
OSSEC HIDS Notification.
2010 Jun 21 10:03:27
Received From: ossec->/var/log/secure
Rule: 5504 fired (level 5) -> "Attempt to login with an invalid user."
Portion of the log(s):
Jun 21 10:03:26 ossec sshd[18609]: pam_unix(sshd:auth): check pass; user unknown
--END OF NOTIFICATION
OSSEC HIDS Notification.
2010 Jun 21 10:03:27
Received From: ossec->/var/log/secure
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
I have everything set where it should not send me notifications for
anything under level 7, and I have
tried the different suggestions with no luck. Would the best choice of
action be to copy these rules, and
then put them into the local_rules.xml files and then add in the do
not email?
Michael
--
Assaf Flatto
Linux System Administrator