On Wed, Apr 9, 2014 at 6:53 AM, Daniel Kertby <[email protected]> wrote:
>
> Hi,
>
> We want to split notifications so that the right staff get the right alerts.
>
> As I understood it, email_to is required in the global section of ossec.conf
> (why not optionally?). We don't want all alerts to one address, so we
> created a dummy email address on our
> mail gateway.
>
> # BELOW WORKS
>
> <ossec_config>
> <global>
> <email_notification>yes</email_notification>
> <smtp_server>ip-address</smtp_server>
> <email_from>user@system</email_from>
> <email_to>ossec-email-dummy@mail_gateway</email_to>
> <logall>yes</logall>
> </global>
>
> # BELOW WORKS
>
> <email_alerts>
> <group>secure-gateway</group>
> <email_to>network_guy@domain</email_to>
> </email_alerts>
>
> <email_alerts>
> <group>netscreenfw</group>
> <email_to>network_guy@domain</email_to>
> </email_alerts>
>
> # BELOW DOESN'T WORK
>
> <email_alerts>
> <group>syslog</group>
> <email_to>system_admin@domain</email_to>
> </email_alerts>
>
> <email_alerts>
> <group>local</group>
> <email_to>system_admin@domain</email_to>
> </email_alerts>
>
>
> Assistance how to get the local,syslog group alerts emailed to
> system_admin@domain would be appreciated since I don't get it to work.
>

local worked for me. What version are you using? Try "local,"

>
> Regards,
> Daniel
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
