On Wed, Oct 24, 2012 at 6:09 AM, Chris H <[email protected]> wrote: > Hi, > > I'm trying to configure email alerts. I want to use granular alerting, so > that specific alerts (i.e. Cisco) go to specific teams. I only want > specific alert groups generating emails, not everything. I've enabled the > global alerts, and tested that it works globally by adding > <email_alert_level>9</email_alert_level>. This works fine. > > What I'm trying to do now is change it to only send alerts that match a > single group and level, and no others. I have email_notification, email_to > and smtp_server set in the global. I have removed email_alert_level, and > added a new email_alert > > <global> > <email_notification>yes</email_notification> > <email_to>account1@domain</email_to> > <smtp_server>server</smtp_server> > <email_from>ossec@domain</email_from> > </global> > ...snip... > <alerts> > <log_alert_level>3</log_alert_level> > </alerts> > ...snip... > <email_alerts> > <email_to>account2@domain</email_to> > <group>cisco-ios</group>
Are you sure you have rules in a cisco-ios group? Can you provide samples of the alerts you are expecting to go to this email address? > <level>9</level> > </email_alerts> > > emails are being generated, but they are going to account1@domain, rather > than account2@domain. > > What am I missing? > > Thanks, > > C
