Hi All, I have set up a central "server" and several "agent" OSSEC hosts and OSSEC-WUI and I can see them in the UI, but I have a question relating to alerts.
Previously I had the agents configured as "local" OSSEC hosts and the alerts from them were obviously from each individual host, but now I have a server and agent setup, I see alerts from the agents, but all alerts I've seen so far, contain the wrong details in the subject line: - "Subject: OSSEC Notification - (Hathor) 10.0.2.10 - Alert level 10" This email alert actually contained many alerts, for multiple hosts, but the subject is quite misleading. Have I done something wrong and what can I do to make the alert subject a bit less misleading? I'd actually prefer to see individual alerts anyway, so I can easily scan through them and tune out (using some ruleset) those that are not important. Is this possible? Cheers, -- ChrisP
