On Tue, Mar 5, 2013 at 12:17 PM, Willen Borges Coelho <[email protected]> wrote: > Hi, > > > > I'm new using Ossec and I'm trying to configure email alerts, but with no > success. > > I would like to only be notified by email alerts about events id 5715, 5501 > and 5402, but after I configure this granular alert editing ossec.conf, it > doesn't work. > > Whenever I edit the email_alert_level to level 3, I get a lot of emails with > many events, witch is not expected. >
It should be expected. If you were looking at level 8+ then changed to 3+ you're going to see more alerts. > I saw in old emails the possibility of rewrite the event_id changing its > level in local_rules.xml, but in the statistics they get doubled, so I much > rather not go that way. > Did you set the overwrite option? You shouldn't be seeing duplicates if you do. > I wouldn't like to get notified by automatic emails, if possible deactivate > the email_alert_level, I've tried to set level 0, with no success. > > > > My configuration: > > > > <global> > > <email_notification>yes</email_notification> > > <email_to>[email protected]</email_to> > > <smtp_server>smtp.email.com</smtp_server> > > <email_from>[email protected]</email_from> > > <email_maxperhour>100</email_maxperhour> > > <prelude_output>yes</prelude_output> > > </global> > > > > <alerts> > > <log_alert_level>1</log_alert_level> > > <email_alert_level>8</email_alert_level> > > </alerts> > > > > <email_alerts> > > <email_to> [email protected]</email_to> > > <level>3</level> > > <rule_id>5715, 5501, 5402</rule_id> > You will only get emails about these if they are level 8+. > <do_not_delay /> > > <do_not_group /> > > </email_alerts> > > > > <email_alerts> > > <email_to>[email protected]</email_to> > > <rule_id>11402</rule_id> > > <event_location>webserver.domain.com</event_location> > > <do_not_delay /> > > <do_not_group /> > > </email_alerts> > > > > Regards, > > Willen Borges Coelho > > > ________________________________ > > Esta mensagem (incluindo anexos) contém informação confidencial destinada a > um usuário específico e seu conteúdo é protegido por lei. Se você não é o > destinatário correto deve apagar esta mensagem. > > O emitente desta mensagem é responsável por seu conteúdo e endereçamento. > Cabe ao destinatário cuidar quanto ao tratamento adequado. A divulgação, > reprodução e/ou distribuição sem a devida autorização ou qualquer outra ação > sem conformidade com as normas internas do Ifes são proibidas e passíveis de > sanção disciplinar, cível e criminal. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
