Hi, I'm trying to figure out when the rule for invalid su attempts is generated and email dispatched. Whenever my client attempts to login to root account by using su, an alert is triggered in the /var/ossec/logs/alerts/alerts.log.
I would like to know the threshold when an email alert is being sent: how many invalid login attempts does it take in certain time to send en email. And how to change that to send an email on every invalid attempt. Thank you -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
