On Thu, Jun 4, 2015 at 8:42 AM, Todd Clementz <[email protected]> wrote:
> Good Day,
>
> I am having a few issues that I am hoping you can help me out with. The
> first is when notifications come in, I get what seem like a hundred
> notifications on logins of some of our users from the after login hours
> trigger. The time and date are set correctly on the OSSEC box, but when the

Do you get a bunch at the start of an hour? There is a max emails per hour limit, so future emails are held to the next hour.

> alerts come in to email, they are way off so I don't know what setting I am
> missing. The other issue I am having is that when notifications come in,
> it's like the flood gates are open. Not just a few triggers, but many. I

Turn on the log all option on the manager, restart the OSSEC processes, and watch archives.log to see if you're getting log messages in spurts.

> have the OSSEC Book, but am having problems with creating rules. Are the
> only rules that can be modified the Local_Rules? When I try to modify any
> of the other rules, the restart on the client fails until I revert the
> changes. Any help would be appreciated.

With no information to go on, I'd have to guess that you've modified the rules incorrectly.

> Todd Clementz
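
Added example, not part of the original thread: one way to do the "watch archives.log for spurts" check offline, counting lines per receipt minute and comparing the manager's receipt time with the timestamp embedded in each syslog line. The line layout, host names and sample lines are constructed assumptions, and `parse`, `spurts` and `max_lag` are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the layout assumed here for archives.log:
# "<YYYY Mon DD HH:MM:SS received> <location> <original log line>"
SAMPLE = """\
2015 Jun 04 20:00:01 (web01) 10.0.0.5->/var/log/secure Jun  4 19:12:40 web01 sshd[411]: Accepted password for alice from 10.0.0.9 port 50122 ssh2
2015 Jun 04 20:00:01 (web01) 10.0.0.5->/var/log/secure Jun  4 19:31:02 web01 sshd[498]: Accepted password for bob from 10.0.0.9 port 50210 ssh2
2015 Jun 04 20:00:02 (web01) 10.0.0.5->/var/log/secure Jun  4 19:55:17 web01 sshd[530]: Accepted password for carol from 10.0.0.9 port 50344 ssh2
2015 Jun 04 20:07:30 (db01) 10.0.0.6->/var/log/secure Jun  4 20:07:29 db01 sshd[220]: Accepted password for dave from 10.0.0.9 port 50400 ssh2
"""

LINE = re.compile(r"^(\d{4}) (\w{3} \d{2} \d{2}:\d{2}:\d{2}) (.*?->\S+) (.*)$")
SYSLOG_TS = re.compile(r"^(\w{3}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")

def parse(line):
    """Return (received, location, event_time or None); None if the line does not match."""
    m = LINE.match(line)
    if not m:
        return None
    year, stamp, location, payload = m.groups()
    received = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    ts = SYSLOG_TS.match(payload)
    event = None
    if ts:
        # Syslog timestamps carry no year; borrow it from the receipt time.
        event = datetime.strptime(f"{year} {ts[1]} {ts[2]} {ts[3]}", "%Y %b %d %H:%M:%S")
    return received, location, event

def spurts(text, threshold):
    """Minutes (by receipt time) in which at least `threshold` lines arrived."""
    counts = Counter(p[0].strftime("%H:%M") for p in map(parse, text.splitlines()) if p)
    return {minute: n for minute, n in counts.items() if n >= threshold}

def max_lag(text):
    """Largest receipt-minus-event offset in seconds per location (sign kept)."""
    worst = defaultdict(int)
    for received, location, event in filter(None, map(parse, text.splitlines())):
        if event:
            lag = int((received - event).total_seconds())
            worst[location] = max(worst[location], lag, key=abs)
    return dict(worst)

if __name__ == "__main__":
    print(spurts(SAMPLE, 3), max_lag(SAMPLE))
```

A large offset that is the same for every line from one location points at a clock or timezone mismatch on that host; offsets that vary while receipt times cluster point at delayed, batched delivery.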
