On Wed, Apr 25, 2012 at 11:05 AM, Christina Plummer <[email protected]> wrote: > Ugh, please reply to this one and ignore the last one. I didn't > finish sanitizing the logs before hitting send. > >> Do you mean multiple log messages are included in one email or >> multiple OSSEC alerts? Can you provide an example? > > Sorry - yes, multiple log messages, from different servers, are > included in one email. >
That's the way the rules are intended to work. I don't know of a way to modify those rules to only combine logs from the same agent. [snip] > > That's a thought. Currently I install and configure OSSEC agents as > part of my Kickstart process, so I'd have to figure out some way to > "tag" which manager they should talk to. Are multiple OSSEC managers > completely separate, or is there any non-manual method for > coordinating them in terms of syncing rules and configs? > It's all manual. You could setup a simple rsync or scp. > Thanks, > Christina
