Dan,

> -----Original Message-----
> From: dan (ddp) [mailto:[email protected]]
> Sent: Wednesday, March 02, 2011 2:11 PM
> To: [email protected]
> Subject: Re: [ossec-list] Linux group?
>
> Hi Nate,
>
> On Wed, Mar 2, 2011 at 12:45 PM, Nate Woodward
> <[email protected]> wrote:
> > I'd like to use the method described at
> > http://www.ossec.net/wiki/Know_How:GranularEmail to send
> > windows-related messages to one group of people and linux-related
> > messages to another group. I see that there's a 'windows' group
> > already, so that I can just put this in ossec.conf:
> >
> > <email_alerts>
> >   <email_to>[email protected]</email_to>
> >   <group>windows</group>
> > </email_alerts>
> >
> > It doesn't look like there's an equivalent group for linux. Could one
> > be created by doing something like the following in local_rules.xml?
> >
> > <group name="linux">
> >   <group>linuxkernel</group>
> >   <group>syslog</group>
> >   <group>ftpd</group>
> >   <!-- etc... -->
> > </group>
> >
>
> No, I don't think that would work.
>
> The appropriate place for email distribution lists is on the
> email server. Look into creating a distribution list for the
> linux admins.
> That type of thing would also be useful for all sorts of
> things like helpdesk ticket assignment emails, Nagios
> notification emails, etc.

I'm not asking about somehow creating a distribution list within OSSEC. I'm looking for the best way to pick out email alerts that only linux admins would be interested in, for use with the <email_alerts> tag.
