On Sat, Oct 23, 2010 at 11:27 PM, Jeremy Lee <[email protected]> wrote: > It shows it is here: > http://www.ossec.net/wiki/Know_How:GranularEmail > > example: > > <email_alerts> > <email_to>[email protected]</email_to> > <rule_id>123, 124</rule_id> > <do_not_delay /> > <do_not_group /> > </email_alerts> > > Was that a mistake in the older doc? > > BTW: is there a way to get OSSEC to log/email alerts in a specific time > window (i.e. between 8am-5pm) ? >
In my other email I meant set <email_alert_level> to a lower number to see if that helps. It looks like analysisd only compares the rule's level to <email_alert_level> to decide whether to send out an email or not. I'm going to ask for confirmation before updating the docs with this information. I don't see an option to email during a certain time, but there are options for the rules to only fire during certain times.
