Hi Nate,

On Wed, Mar 2, 2011 at 12:45 PM, Nate Woodward <[email protected]> wrote:
> I'd like to use the method described at
> http://www.ossec.net/wiki/Know_How:GranularEmail to send windows-related
> messages to one group of people and linux-related messages to another
> group. I see that there's a 'windows' group already, so that I can just
> put this in ossec.conf:
>
> <email_alerts>
>   <email_to>[email protected]</email_to>
>   <group>windows</group>
> </email_alerts>
>
> It doesn't look like there's an equivalent group for linux. Could one be
> created by doing something like the following in local_rules.xml?
>
> <group name="linux">
>   <group>linuxkernel</group>
>   <group>syslog</group>
>   <group>ftpd</group>
>   <!-- etc... -->
> </group>
>
No, I don't think that would work. The appropriate place for email distribution lists is on the email server. Look into creating a distribution list for the linux admins. That type of thing would also be useful for all sorts of things like helpdesk ticket assignment emails, Nagios notification emails, etc.
