Hi,
I'd like to disable alerts for just my Windows hosts. I'm using a
centralized configuration, so in /var/ossec/etc/shared/agent.conf I
set this:

<agent_config os="Windows">
  <alerts>
    <log_alert_level>1</log_alert_level>
    <!-- Disable email alerts for Windows -->
    <email_alert_level>0</email_alert_level>
  </alerts>
</agent_config>

Then I restarted OSSEC and checked the md5sum of agent.conf to ensure the
Windows host got the update, but it still sends me emails.
Is this not something that can be done as a centralized config, i.e.
must it be done on the master OSSEC server? If so, what conf file should
it go in, and what is the proper XML syntax?
Thanks all,
banjer