I was thinking perhaps there's a way I could get round this using Profiles somehow, but haven't had much luck getting the config I am attempting to run.
Any suggestions as to how I could achieve this?

Michael

From: Michael Dongworth
Sent: Wednesday, 4 December 2013 4:02 PM
To: [email protected]
Subject: Alerting Question

Hey there,

Just wondering, is it possible to disable Syslog output for just 1 log file being passed to the Manager, but leave email alerting intact for that same log file?

I have an agent on my Snort server, and would like to use the email alerting of Ossec to alert on the Snort plaintext log. I don't however want these Snort messages going over the Ossec syslog at all, but do require all other Ossec messages to be sent to the remote Syslog server I have set up.

All examples/documentation for the Syslog config seem to suggest I can forward based on alert level, or server, but is there a way to exclude one logfile only for Syslog without excluding it from email alerting also?

Cheers,
Michael
