On Sun, Dec 8, 2013 at 2:57 AM, evangeline eleanor <[email protected]> wrote: > Hi, > > I'm trying to figure out when the rule for invalid su attempts is generated > and email dispatched. Whenever my client attempts to login to root account > by using su, an alert is triggered in the /var/ossec/logs/alerts/alerts.log. > > I would like to know the threshold when an email alert is being sent: how > many invalid login attempts does it take in certain time to send en email. > And how to change that to send an email on every invalid attempt. > > Thank you >
What is your email_alert_level? What level is the su rule? > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
