On Wed, Dec 12, 2012 at 1:56 PM, Leonardo Pezente <[email protected]> wrote: > im a noob in ossec, but i think it was a good idea to have in my nids > machine. > he is aready running, and now i want to him to send an e-mail of possible > problem, of he and my nids(snort) detect, but i dont have idea how to do > that. > i have snort send alerts to my syslog, and i put the syscheck in 1 hour. > i have create an e-mail just for that, and i have change the global for send > e-mail. > So, he will send e-mail every 0ne hour or i have to make more some think?
Where is the snort syslog logging to? Is OSSEC watching that location? What do the logs look like? Have you tried feeding them through ossec-logtest?
