On Thursday, November 6, 2014 4:53:33 AM UTC-8, dan (ddpbsd) wrote:
>
> On Wed, Nov 5, 2014 at 5:09 PM, <[email protected]> wrote:
> > Hi all,
> >
> > 1, Can Ossec trigger a rule based on a predefined condition?
> > For example, for the following message from mongod.log, is there a way to
> > define a rule which would be triggered if memory field is bigger than 15000
> > (15GB)? So far I could extract value "17189" out as a decoder field such as
> > extra_data but I don't know how to use it to conduct the condition
> > detection.
> > 2014-11-05T10:18:07.335-0800 [clientcursormon] mem (MB) res:17189 virt:106967
> >
>
> There are no "greater than" or "less than" type options at the moment.
>
> > 2, Can Ossec send alerts to additional email boxes?
> > By default, Ossec will send alerts to the email box which is given during the
> > installation. I just wonder if there is an easy way to extend this email
> > list since sometimes we may want to send the message to co-workers as well.
> >
>
> Look at the granular email options, or configure shared email boxes or
> aliases on the mailserver.
>
> > 3, Can we adjust the OSSEC-WUI refresh interval?
> > How often does OSSEC-WUI check the alert.log and update its output? Is there a
> > system parameter for this checking/updating interval?
> >
>
> It's open source php, so yes.
>

Yes, I figured out that I should edit the file */var/www/html/ossec-wui/index.php* for this setting change. Thanks Dan for your instruction and help.

> > I really appreciate your comments and help.
> >
> > Best Regards,
> > Yongzhi

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
