Hello to everyone. I am fairly new to OSSEC and need a little assistance or nudge in the right direction.
I have installed the OSSEC agent on a Linux system running SNORT, and have configured the OSSEC agent to look at and read the SNORT alert file. I have confirmed that this does work, and according to the OSSEC alert log on the server, OSSEC server sees and generates an alert on IDS events...however, these alerts OSSEC sees and generates in its log file are not emailed out. The setting for email alerts is set to level 7, and while the majority are at level six, several level 8 and level 10 alerts do appear in the log file and email was never generated. I am receiving email alerts for other type alerts generated by OSSEC. Do I need to create my own rule to get OSSEC to email the alerts to me? If not, where might I go poking around to solve this? Respectfully, Robert Rhoads -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
