[ossec-list] Granular E-Mail alerts

Tue, 05 Mar 2013 09:20:58 -0800 

Hi,

I'm new using Ossec and I'm trying to configure email alerts, but with no 
success.

I would like to only be notified by email alerts about events id 5715, 5501 and 
5402, but after I configure this granular alert editing ossec.conf, it doesn't 
work.

Whenever I edit the email_alert_level to level 3, I get a lot of emails with 
many events, witch is not expected.

I saw in old emails the possibility of rewrite the event_id changing its level 
in local_rules.xml, but in the statistics they get doubled, so I much rather 
not go that way.

I wouldn't like to get notified by automatic emails, if possible deactivate the 
email_alert_level, I've tried to set level 0, with no success.

My configuration:

  <global>
    <email_notification>yes</email_notification>
    <email_to>[email protected]</email_to>
    <smtp_server>smtp.email.com</smtp_server>
    <email_from>[email protected]</email_from>
    <email_maxperhour>100</email_maxperhour>
    <prelude_output>yes</prelude_output>
  </global>

  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>8</email_alert_level>
  </alerts>

  <email_alerts>
    <email_to> [email protected]</email_to>
    <level>3</level>
    <rule_id>5715, 5501, 5402</rule_id>
    <do_not_delay />
    <do_not_group />
  </email_alerts>

  <email_alerts>
    <email_to>[email protected]</email_to>
    <rule_id>11402</rule_id>
    <event_location>webserver.domain.com</event_location>
    <do_not_delay />
    <do_not_group />
  </email_alerts>

Regards,

Willen Borges Coelho

________________________________

Esta mensagem (incluindo anexos) contém informação confidencial destinada a um 
usuário específico e seu conteúdo é protegido por lei. Se você não é o 
destinatário correto deve apagar esta mensagem.

O emitente desta mensagem é responsável por seu conteúdo e endereçamento.
Cabe ao destinatário cuidar quanto ao tratamento adequado. A divulgação, 
reprodução e/ou distribuição sem a devida autorização ou qualquer outra ação 
sem conformidade com as normas internas do Ifes são proibidas e passíveis de 
sanção disciplinar, cível e criminal.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to