On Tue, Jul 23, 2013 at 12:45 PM, Macaulay Dias Souza
<[email protected]> wrote:
> We have some rules like:
>
> Rule: 1002 fired (level 2) - "Unknown problem somewhere in the system."
<rule id="1002" level="2">
  <match>$BAD_WORDS</match>
  <!-- alert_by_email: this rule is always e-mailed, whatever its level -->
  <options>alert_by_email</options>
  <description>Unknown problem somewhere in the system.</description>
</rule>
http://ossec.net/doc/faq/alerts.html#how-do-i-ignore-rule-1002
> Rule: 18152 fired (level 10) - I need to change the number of failed attempts
I don't know why this one is making it through. You did restart the
ossec processes?
> Rule: 18119 fired (level 3) - First logon
>
http://ossec.net/doc/faq/alerts.html#i-set-the-email-alert-level-to-10-why-do-i-keep-seeing-rules-with-lower-levels
<rule id="18119" level="3">
  <if_sid>18107</if_sid>
  <!-- alert_by_email: this rule is always e-mailed, whatever its level -->
  <options>alert_by_email</options>
  <if_fts />
  <description>First time this user logged in this system.</description>
  <group>authentication_success,</group>
</rule>
>
> On Monday, July 22, 2013 at 09:18:34 UTC-3, Macaulay Dias Souza
> wrote:
>>
>> Is it possible to limit the level of alerts sent to my email? I want to
>> receive alerts only above 6
>>
>>
>>
>> I added
>> <email_alerts>
>>
>> <email_to>[email protected]</email_to>
>> <level>12</level>
>>
>> </email_alerts>
>>
>> I keep getting emails from levels 2,3,4 ...
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
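Added example, not part of the original message and not OSSEC's own code: a small audit that lists every rule carrying alert_by_email whose level is below the e-mail threshold you configured, i.e. the rules that will still reach your inbox. The function name, the constructed sample (including rule 100001 and the shortened BAD_WORDS value) and the assumption that the rule text is otherwise parseable XML are mine.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in OSSEC rule-file style: several top-level elements
# and a <var> line, so it is not a single-root XML document.
SAMPLE_RULES = """
<var name="BAD_WORDS">core_dumped|failure|error</var>
<group name="syslog,errors,">
  <rule id="1002" level="2">
    <match>$BAD_WORDS</match>
    <options>alert_by_email</options>
    <description>Unknown problem somewhere in the system.</description>
  </rule>
  <rule id="100001" level="13">
    <options>alert_by_email</options>
    <description>Constructed rule already above the threshold.</description>
  </rule>
</group>
<group name="windows,">
  <rule id="18119" level="3">
    <if_sid>18107</if_sid>
    <options>alert_by_email</options>
    <if_fts />
    <description>First time this user logged in this system.</description>
    <group>authentication_success,</group>
  </rule>
</group>
"""

def forced_email_rules(rules_text, email_level):
    """Return (id, level, description) of rules e-mailed despite email_level."""
    # Drop any XML declaration, then wrap in a synthetic root so a
    # multi-root rule file parses as one document.
    body = re.sub(r"<\?xml[^>]*\?>", "", rules_text)
    root = ET.fromstring("<root>" + body + "</root>")
    hits = []
    for rule in root.iter("rule"):
        options = {o.text.strip() for o in rule.findall("options") if o.text}
        level = int(rule.get("level", "0"))
        if "alert_by_email" in options and level < email_level:
            desc = (rule.findtext("description") or "").strip()
            hits.append((rule.get("id"), level, desc))
    return sorted(hits, key=lambda h: int(h[0]))

if __name__ == "__main__":
    for rule_id, level, desc in forced_email_rules(SAMPLE_RULES, 12):
        print(f"rule {rule_id} (level {level}) is always e-mailed: {desc}")
```

Run it against the text of each file in your rules directory with the level you set; every rule it reports needs its own override, as in the FAQ entries linked above.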