On Jan 3, 2013 6:41 AM, "sercan acar" <[email protected]> wrote: > > Hi, > > How can I stop ossec from sending out emails regarding agents to different agent e-mail addresses > > Example: > > OSSEC HIDS Notification. > 2013 Jan 01 07:30:55 > > Received From: (stewart1) XX.XX.XX.XX->/var/log/auth.log > Rule: 5720 fired (level 10) -> "Multiple SSHD authentication failures." > Portion of the log(s): > > Jan 1 07:30:48 ossecagent1 sshd[22620]: Failed password for root from XX.248.16.XX port 40647 ssh2 > Jan 1 07:30:45 ossecagent2 sshd[8689]: Failed password for root from XX.248.16.XX port 60038 ssh2 > --END OF NOTIFICATION > > Email above was received by ossecagent1 email address, yet it contains information about host ossecagent2 which I want to stop from happening > > > > Regards,
You could configure ossec to not group emails.
