-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Oct 23, 2010, at 1:38 AM, jplee3 wrote: > I have a couple questions: > > 1) Is there a way to suppress the body of the OSSEC log so that it > doesn't necessarily appear in the email? I'm setting up alerting via > SMS but the long log messages causes the SMS to get cut off.
There is an sms format option you can use, though I'm not sure what it does to the message, exactly. You can find info here : http://www.ossec.net/doc/manual/output/granular-email-output.html > 2) Do the "<alert>" levels in the ossec.conf affect whether emails go > out if using the "<email_alert>" option? I have the alert levels set > to the default (1=log and 7=email). I was testing out one of the rules > and set the alert level to "6" and no emails were sent when it > tripped. I changed it to alert level "10" and got an email doing that > though. My understanding was that the email_alert option should be > independent of the <alert> setting. The email setting determines what level alerts are sent via email. So, the default setting of 7 means that an alert of level 7 or more is sent via email. This is why your level 6 alert did not get emailed. It should have ended up in the log, however. > TIA! - --------------------------- Jason 'XenoPhage' Frisvold [email protected] - --------------------------- "Any sufficiently advanced magic is indistinguishable from technology." - - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iEYEARECAAYFAkzC7U8ACgkQ8CjzPZyTUTSO/ACfUqTWMfD0RhZFsCwTzLjg1fzF V9AAnikOD8eviR/DyB6TsxFQUtsROVLf =YPmH -----END PGP SIGNATURE-----
