Hi,
I'm trying to configure email alerts. I want to use granular alerting, so
that specific alerts (i.e. Cisco) go to specific teams. I only want
specific alert groups generating emails, not everything. I've enabled the
global alerts, and tested that it works globally by
adding <email_alert_level>9</email_alert_level>. This works fine.
What I'm trying to do now is change it to only send alerts that match a
single group and level, and no others. I have email_notification, email_to
and smtp_server set in the global. I have removed email_alert_level, and
added a new email_alert:
<global>
  <email_notification>yes</email_notification>
  <email_to>account1@domain</email_to>
  <smtp_server>server</smtp_server>
  <email_from>ossec@domain</email_from>
</global>
...snip...
<alerts>
  <log_alert_level>3</log_alert_level>
</alerts>
...snip...
<email_alerts>
  <email_to>account2@domain</email_to>
  <group>cisco-ios</group>
  <level>9</level>
</email_alerts>
Emails are being generated, but they are going to account1@domain, rather
than account2@domain.
What am I missing?
Thanks,
C