hi,
I have global email alerts configured and granular email alerts working
fine for specific rules.
e.g.
<global>
<email_notification>yes</email_notification>
<email_to>[email protected]</email_to>
<smtp_server>example.com.</smtp_server>
<email_from>[email protected]</email_from>
</global>
<email_alerts>
<email_to>[email protected]</email_to>
<rule_id>5719, 40111</rule_id>
</email_alerts>
Now email alerts for rule 40111 go to both email addresses. I would like it
to go to only the granular address, not the global. Is this possible ?
Ultimately, what I want is to avoid email alerts for specific very high
traffic rules (for instance someone trying to authenticate to "helpdesk").
I want to keep the rule and it's level in place so the active response does
it's thing with host-deny and firewall rules. I know I can override the
rule in local_rules.xml with no_email_alert, but that is more work :( and
would need review each time I upgrade, so i was hoping there was an easier
solution.
thanks
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
