All of them are like this one:

OSSEC HIDS Notification.
2014 Apr 11 00:48:55

Received From: my_host_name->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Apr 11 00:48:47 my_host_name kernel: iptables denied: IN=eth0 OUT= MAC=ff:3c:91:70:34:ec:84:38:af:0d:97:c1:09:11 SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=57740 PROTO=UDP SPT=455 DPT=123 LEN=56

(I replaced both IPs with x's)

On Thursday, April 10, 2014 9:16:13 PM UTC-5, nicolaszin wrote:
>
> Which alert is it?
>
> Does the alert have an "alert_by_email" by any chance?
>
> On Thu, Apr 10, 2014 at 9:03 PM, Evan <[email protected]> wrote:
>
>> Today I installed OSSEC on my server and I have these settings:
>>
>> <global>
>>   <email_notification>yes</email_notification>
>>   <email_to>[email protected]</email_to>
>>   <smtp_server>localhost</smtp_server>
>>   <email_from>ossecm@scaver</email_from>
>> </global>
>>
>> <email_alerts>
>>   <email_to>[email protected]</email_to>
>>   <level>7</level>
>> </email_alerts>
>>
>> Near the end of the file I have these lines as well:
>>
>> <alerts>
>>   <log_alert_level>1</log_alert_level>
>>   <email_alert_level>8</email_alert_level>
>> </alerts>
>>
>> But with these settings I get an email from OSSEC every 5 seconds and
>> it's a Level 2 alert. What do I need to configure so that I only get an
>> email for level 7 and above?
>>
>> Thanks,
>> Evan
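Added example (not part of the thread and not OSSEC's own code): a Python check for the situation nicolaszin asks about, listing rules whose `<options>` make their mail behaviour differ from what `email_alert_level` alone would predict. The rule definitions are constructed samples, ids 99001 and 99002 are made up, and rule 1002 carrying `alert_by_email` is an assumption for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <alerts> block quoted in the thread.
OSSEC_CONF = """<ossec_config><alerts>
  <log_alert_level>1</log_alert_level>
  <email_alert_level>8</email_alert_level>
</alerts></ossec_config>"""

# Constructed rules. Assumption: 1002 carries alert_by_email, the option
# asked about in the thread; ids 99001 and 99002 are made up.
RULES = """<var name="EXAMPLE">constructed</var>
<group name="syslog,errors,">
  <rule id="1002" level="2">
    <options>alert_by_email</options>
    <description>Unknown problem somewhere in the system.</description>
  </rule>
  <rule id="99001" level="10">
    <options>no_email_alert</options>
    <description>Constructed: high level, mail suppressed.</description>
  </rule>
  <rule id="99002" level="3">
    <description>Constructed: low level, no options.</description>
  </rule>
</group>"""


def email_threshold(conf_xml):
    """Return <email_alert_level> from ossec.conf text as an int."""
    return int(ET.fromstring(conf_xml).findtext("alerts/email_alert_level"))


def email_exceptions(rules_xml, threshold):
    """List (id, level, note) for rules whose options override the threshold."""
    # Rule files can hold several top-level elements, so wrap them in one root.
    root = ET.fromstring("<root>" + rules_xml + "</root>")
    findings = []
    for rule in root.iter("rule"):
        level = int(rule.get("level"))
        opts = {(o.text or "").strip() for o in rule.findall("options")}
        if level < threshold and "alert_by_email" in opts:
            findings.append((rule.get("id"), level, "mailed below threshold"))
        elif level >= threshold and "no_email_alert" in opts:
            findings.append((rule.get("id"), level, "not mailed despite level"))
    return findings


if __name__ == "__main__":
    for finding in email_exceptions(RULES, email_threshold(OSSEC_CONF)):
        print(*finding)
```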
