Hi,
We want to split notifications so that the right staff get the right alerts.
As I understood it, email_to is required in the global section of
ossec.conf (why not optional?). We don't want all alerts to go to one address,
so we created a dummy email address on our mail gateway.
# BELOW WORKS
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>ip-address</smtp_server>
    <email_from>user@system</email_from>
    <email_to>ossec-email-dummy@mail_gateway</email_to>
    <logall>yes</logall>
  </global>
# BELOW WORKS
  <email_alerts>
    <group>secure-gateway</group>
    <email_to>network_guy@domain</email_to>
  </email_alerts>
  <email_alerts>
    <group>netscreenfw</group>
    <email_to>network_guy@domain</email_to>
  </email_alerts>
# BELOW DOESN'T WORK
  <email_alerts>
    <group>syslog</group>
    <email_to>system_admin@domain</email_to>
  </email_alerts>
  <email_alerts>
    <group>local</group>
    <email_to>system_admin@domain</email_to>
  </email_alerts>
Assistance with how to get the local and syslog group alerts emailed to
system_admin@domain would be appreciated, since I can't get it to work.
Regards,
Daniel