Never mind, I think that's it... one question on the "<weekday>" flag though. What parameter would I use for the actual weekdays? Just "weekday" or "weekdays"? In the example, it lists specific days and "weekends".

On Mon, Oct 25, 2010 at 1:21 PM, Jeremy Lee <[email protected]> wrote:

> Thanks Dan... btw, is the option to have a rule fire at a specific time
> just "<time>" within the rule ID itself?
>
> http://www.mail-archive.com/[email protected]/msg07544.html
>
> On Sun, Oct 24, 2010 at 1:09 PM, dan (ddp) <[email protected]> wrote:
>
>> On Sat, Oct 23, 2010 at 11:27 PM, Jeremy Lee <[email protected]> wrote:
>> > It shows it is here:
>> > http://www.ossec.net/wiki/Know_How:GranularEmail
>> >
>> > example:
>> >
>> > <email_alerts>
>> >   <email_to>[email protected]</email_to>
>> >   <rule_id>123, 124</rule_id>
>> >   <do_not_delay />
>> >   <do_not_group />
>> > </email_alerts>
>> >
>> > Was that a mistake in the older doc?
>> >
>> > BTW: is there a way to get OSSEC to log/email alerts in a specific time
>> > window (i.e. between 8am-5pm) ?
>> >
>>
>> In my other email I meant set <email_alert_level> to a lower number to
>> see if that helps. It looks like analysisd only compares the rule's
>> level to <email_alert_level> to decide whether to send out an email or
>> not. I'm going to ask for confirmation before updating the docs with
>> this information.
>>
>> I don't see an option to email during a certain time, but there are
>> options for the rules to only fire during certain times.
