On Wed, Nov 5, 2014 at 5:09 PM, <[email protected]> wrote:
> Hi all,
>
> 1, Can OSSEC trigger a rule based on a predefined condition?
> For example, for the following message from mongod.log, is there a way to
> define a rule which would be triggered if the memory field is bigger than 15000
> (15GB)? So far I could extract the value "17189" as a decoder field such as
> extra_data, but I don't know how to use it to conduct the condition
> detection.
> 2014-11-05T10:18:07.335-0800 [clientcursormon] mem (MB) res:17189 virt:106967
>

There are no "greater than" or "less than" type options at the moment.

> 2, Can OSSEC send alerts to additional email boxes?
> By default, OSSEC will send alerts to the email box which is given during the
> installation. I just wonder if there is an easy way to extend this email
> list, since sometimes we may want to send the message to co-workers as well.
>

Look at the granular email options, or configure shared email boxes or
aliases on the mailserver.

> 3, Can we adjust the OSSEC-WUI refresh interval?
> How often does OSSEC-WUI check the alert.log and update its output? Is there a
> system parameter for this checking/updating interval?
>

It's open source PHP, so yes.

> I really appreciate your comments and help.
>
> Best Regards,
> Yongzhi
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
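
Without numeric comparison operators, a threshold can still be expressed as a pattern that matches only digit strings above it. The following is an added example, not part of the thread or of OSSEC: the function names `gt_alternatives` and `res_over` are hypothetical, and the pattern is in Python `re` syntax, which differs from OSSEC's own regex dialect.

```python
import re

ANY = "[0-9]"

def gt_alternatives(n: int) -> list[str]:
    """Patterns that together match exactly the decimal integers > n."""
    if n < 0:
        raise ValueError("threshold must be non-negative")
    digits = str(n)
    k = len(digits)
    # Any number with more digits than n is larger (no leading zeros).
    alts = ["[1-9]" + ANY * k + ANY + "*"]
    # Same length: share a prefix with n, then one strictly larger digit.
    for i, ch in enumerate(digits):
        if ch == "9":
            continue  # no larger digit exists at this position
        lo = int(ch) + 1
        cls = "9" if lo == 9 else f"[{lo}-9]"
        alts.append(digits[:i] + cls + ANY * (k - i - 1))
    return alts

def res_over(line: str, threshold_mb: int) -> bool:
    """True if the line's 'res:' field (MB) is above threshold_mb."""
    body = "|".join(gt_alternatives(threshold_mb))
    # The lookahead stops a match from ending in the middle of a number.
    pattern = rf"\bres:(?:{body})(?![0-9])"
    return re.search(pattern, line) is not None

# Log line quoted in the thread.
SAMPLE = ("2014-11-05T10:18:07.335-0800 [clientcursormon] "
          "mem (MB) res:17189 virt:106967")

if __name__ == "__main__":
    print(gt_alternatives(15000))
    print(res_over(SAMPLE, 15000))
```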
