Many thanks, I have set it to: <email_maxperhour>3600</email_maxperhour> -- ChrisP
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp) Sent: 27 July 2011 00:37 To: [email protected] Subject: Re: [ossec-list] Notification alert email subject misleading http://www.ossec.net/doc/syntax/head_ossec_config.reports.html#element-email_maxperhour It goes in the global section. On Tue, Jul 26, 2011 at 7:22 PM, Chris Phillips <[email protected]> wrote: > Perfect, thanks! > > I haven't found an option to tweak max emails per hour, but I'm hoping to > tune out "noise" so the number of emails should be minimal. > > Cheers, > -- > ChrisP > > Chris Phillips > Service Designer, intY Ltd. > +44 (0)1454 640 532 > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of dan (ddp) > Sent: 26 July 2011 20:21 > To: [email protected] > Subject: Re: [ossec-list] Notification alert email subject misleading > > Turn off email grouping. In /var/ossec/etc/internal_options.conf set: > maild.groupping=0 > > You may need to bump the max emails per hour, depending on how many > alerts you normally get. > > On Tue, Jul 26, 2011 at 10:59 AM, Chris Phillips > <[email protected]> wrote: >> Hi All, >> >> I have set up a central "server" and several "agent" OSSEC hosts and >> OSSEC-WUI and I can see them in the UI, but I have a question relating to >> alerts. >> >> Previously I had the agents configured as "local" OSSEC hosts and the alerts >> from them were obviously from each individual host, but now I have a server >> and agent setup, I see alerts from the agents, but all alerts I've seen so >> far, contain the wrong details in the subject line: - >> >> "Subject: OSSEC Notification - (Hathor) 10.0.2.10 - Alert level 10" >> >> This email alert actually contained many alerts, for multiple hosts, but the >> subject is quite misleading. >> >> Have I done something wrong and what can I do to make the alert subject a >> bit less misleading? >> >> I'd actually prefer to see individual alerts anyway, so I can easily scan >> through them and tune out (using some ruleset) those that are not >> important. Is this possible? >> >> Cheers, >> -- >> ChrisP >> >> > > Scanned by MailDefender - managed email security from intY - > www.maildefender.net > > Information in this electronic mail is confidential and may be legally > privileged. It is intended solely for the addressee. Access to this mail by > anyone else is unauthorised. If you are not the intended recipient any use, > disclosure, copying or distribution of this message is prohibited and may be > unlawful. When addressed to our customers, any information contained in this > message is subject to intY's Terms & Conditions. Please rely on your own > virus scanning and procedures with regard to any attachments to this message. > > Scanned by MailDefender - managed email security from intY - > www.maildefender.net > > Scanned by MailDefender - managed email security from intY - www.maildefender.net Information in this electronic mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this mail by anyone else is unauthorised. If you are not the intended recipient any use, disclosure, copying or distribution of this message is prohibited and may be unlawful. When addressed to our customers, any information contained in this message is subject to intY's Terms & Conditions. Please rely on your own virus scanning and procedures with regard to any attachments to this message. Scanned by MailDefender - managed email security from intY - www.maildefender.net
