Hey Lance, To answer your question, <email_alerts> is within the <ossec_config> file, but not within the <global> tag.
You can have multiple <email_alerts> tags as well. If you want to reduce the amount of unknown errors you get from a specific agent, you can set up <groups>. For example: <email_alerts> <email_to>[email protected]</email_to> <event_location>agent007</event_location> <group>syslog</group> <level>10</level> <do_not_delay /> </email_alerts> That way you will only be getting alerts from rules that are triggered from a syslog trigger. This would be in the ossec.conf file server-side. If you want to tinker with that agent specifically does, you will see a ossec.conf file on the agent-side where you can change the paths for OSSEC to monitor. Also - you can have a agent.conf file created on the server-side to manage all your agents log paths ect. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
