I'd like to use the method described at http://www.ossec.net/wiki/Know_How:GranularEmail to send windows-related messages to one group of people and linux-related messages to another group. I see that there's a 'windows' group already, so that I can just put this in ossec.conf:

<email_alerts>
  <email_to>[email protected]</email_to>
  <group>windows</group>
</email_alerts>

It doesn't look like there's an equivalent group for linux. Could one be created by doing something like the following in local_rules.xml?

<group name="linux">
  <group>linuxkernel</group>
  <group>syslog</group>
  <group>ftpd</group>
  <!-- etc... -->
</group>
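As an added illustration (not from the original post or the OSSEC project), here is a manager-side ossec.conf that keeps the `<group>windows</group>` routing above and, since there is no single "linux" rule group to match, routes the Linux side by the reporting agent with `<event_location>` instead. The addresses, SMTP host and the `lnx-` agent-naming convention are assumptions; `<event_location>` is matched against the alert's location string, which for agent events contains the agent name.

```xml
<!-- ossec.conf on the manager: one <email_alerts> block per recipient list.
     Hypothetical addresses and agent names; adjust to your environment. -->
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>[email protected]</email_to>
    <smtp_server>127.0.0.1</smtp_server>
    <email_from>[email protected]</email_from>
  </global>

  <!-- Windows alerts: match the "windows" tag already present in the
       stock Windows rule groups. -->
  <email_alerts>
    <email_to>[email protected]</email_to>
    <group>windows</group>
  </email_alerts>

  <!-- Linux alerts: no common rule-group tag exists, so match on the
       agent instead. Assumes Linux agents are named lnx-<host>; the
       value is matched against the alert location, which includes
       the agent name for agent-reported events. -->
  <email_alerts>
    <email_to>[email protected]</email_to>
    <event_location>lnx-</event_location>
  </email_alerts>
</ossec_config>
```

Alerts still have to reach the global `<email_alert_level>` threshold before any `<email_alerts>` block is consulted, so check that value when a routed alert does not arrive.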
