We have some noisy servers that generate too much log that we don't need to
receive the alerts.
But we have a couple of servers in which we would like to receive couple of
emails with the alerts.
We have this config:
<ossec_config>
<global>
<email_notification>yes</email_notification>
<email_to>[email protected]</email_to>
<smtp_server>mail.server.com</smtp_server>
<email_from>[email protected]</email_from>
<email_maxperhour>6</email_maxperhour>
</global>
<email_alerts>
<email_to>[email protected]</email_to>
<event_location>sample_server</event_location>
<level>7</level>
</email_alerts>
But the first email in the hour that admin receives, contains all the log
from the others noisy servers.
How can I get admin to receive ONLY emails from sample_server?
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
