Hi all,

1. Can Ossec trigger a rule based on a predefined condition? For example, for the following message from mongod.log, *is there a way to define a rule which would be triggered if the memory field is bigger than 15000 (15GB)?* So far I could extract the value "17189" as a decoder field such as extra_data, but I don't know how to use it to conduct the condition detection.

   2014-11-05T10:18:07.335-0800 [clientcursormon] mem (MB) res:17189 virt:106967

2. Can Ossec send alerts to additional email boxes? By default, Ossec will send alerts to the email box which is given during the installation. I just wonder if there is an easy way to extend this email list, since sometimes we may want to send the message to co-workers as well.

3. Can we adjust the OSSEC-WUI refresh interval? How often does OSSEC-WUI check the alert.log and update its output? Is there a system parameter for this checking/updating interval?

I really appreciate your comments and help.

Best Regards,
Yongzhi
