On Wed, 12 Jan 2011 18:00:58 -0000 "Hugo Ferreira" <[email protected]> wrote:
> Hello, > > Is it possible to filter which alerts are send to the email by the > alert text? > > Example: > > Send via email every alert with level 10 or higher except those who > have the string “XPTO” in the text. > > Thanks in advance, IMHO this kind of task would be dedicated to a mail processing. For example (1) disable grouping. See http://www.ossec.net/wiki/Know_How:Email#Email_subject_shows_a_different_level_from_the_email_body (2) set up mail filters. See as an example https://github.com/icy/ossec-hids/blob/v2.5.0/doc/mail_notification.txt Hope this helps, -- Anh Ky Huynh @ UTC+7
