duh. I don't know what I was thinking. Sorry for the stupid reply.
On Wed, Mar 2, 2011 at 3:45 PM, Nate Woodward <[email protected]> wrote: > Dan, > >> -----Original Message----- >> From: dan (ddp) [mailto:[email protected]] >> Sent: Wednesday, March 02, 2011 2:11 PM >> To: [email protected] >> Subject: Re: [ossec-list] Linux group? >> >> Hi Nate, >> >> On Wed, Mar 2, 2011 at 12:45 PM, Nate Woodward >> <[email protected]> wrote: >> > I'd like use the method described at >> > http://www.ossec.net/wiki/Know_How:GranularEmail to send >> > windows-related messages to one group of people and linux-related >> > messages to another group. I see that there's a 'windows' group >> > already, so that I can just put this in ossec.conf: >> > >> > <email_alerts> >> > <email_to>[email protected]</email_to> >> > <group>windows</group> >> > </email_alerts> >> > >> > It doesn't look like there's an equivalent group for linux. >> Could one >> > be created by doing something like the following in local_rules.xml? >> > >> > <group name="linux"> >> > <group>linuxkernel</group> >> > <group>syslog</group> >> > <group>ftpd</group> >> > <!-- etc... --> >> > </group> >> > >> >> No, I don't think that would work. >> >> The appropriate place for email distribution lists is on the >> email server. Look into creating a distribution list for the >> linux admins. >> That type of thing would also be useful for all sorts of >> things like helpdesk ticket assignment emails, Nagios >> notification emails, etc. >> > > I'm not asking about somehow creating a distribution list within OSSEC. > I'm looking for the best way to pick out email alerts that only linux > admins would be interested in, for use with the <email_alerts> tag. > >
