On Tue, Jul 24, 2012 at 4:15 PM, Leonardo Bacha Abrantes <[email protected]> wrote: > Hi people, > > I was using tcpdump on my server and I received a lot of messages about > promiscuous mode. > > Received From: (MyServer) 192.168.120.125 ->/var/log/messages > Rule: 5104 fired (level 8) -> "Interface entered in promiscuous(sniffing) > mode." > Portion of the log(s): > Jul 24 15:04:13 myserver kernel: device eth0 entered promiscuous mode > > Is possible to configure ossec client to send just one email instead of many > ? > > > Many thanks! > > > >
The agent (client) shouldn't send any emails. You can configure the ossec server to send out 1 email in x seconds if you'd like. Just create a rule that ignores the alerts for a while.
