Thank you Pedro. I've actually taken a step back from this, and I'm trying
to figure out why the emails are getting sent in the first place. If the
default level is 7, and I haven't changed that:

  <global>
    <email_notification>yes</email_notification>
    <email_to>[email protected]</email_to>
    <smtp_server>my.smtp.server</smtp_server>
    <email_from>[email protected]</email_from>
    <white_list>127.0.0.1</white_list>
    <logall>yes</logall>
  </global>

  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>


...then I do not understand why level 2 emails are coming in:

Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."

On Mon, Nov 23, 2015 at 12:24 PM, Pedro S. <[email protected]> wrote:

> Hi Daniel, sorry for the late response.
>
> I don't really know what is happening with your alerts, but I'll keep
> giving you some advice, and we'll see if we can make this work.
>
> Maild reads directly from alerts.log, searches for the "mail" flag and,
> if it is present, sends the email. That means if your alert is printed
> into the alerts.log file, it should be sent by email.
>
> So, first try to locate the alert 10005 (or 100007) in your alerts.log
> file.
> Second, in your ossec.conf file, between the <email_alerts> tags, include
> the following for better testing: *<do_not_delay /> and do_not_group*
>
> It is very important that the alert you're looking to send via email
> actually be present in the alerts.log file.
>
> Good luck! Keep us up to date.
>
>
> On Monday, November 23, 2015, 5:03:18 (UTC-8), Daniel Bray wrote:
>>
>>
>> On Monday, November 16, 2015 at 8:28:27 AM UTC-5, Daniel Bray wrote:
>>>
>>> With the updated alert_by_email settings, this has stopped the email
>>> alerts. I see it hitting the WebUI as alert level 2, but no emails are
>>> coming in.
>>>
>>
>>
>> Unfortunately, with everything put back to the default settings, this
>> issue remains. I'm seeing other issues with some filters as well. Not sure
>> what else to do. It must be a bad install or version I'm running.
>>
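
The maild behaviour described in the quoted reply (it reads alerts.log and mails any alert carrying the "mail" flag) can be checked against the log itself. The script below is an added example, not part of this thread or of OSSEC; the alerts.log header layout it parses and the sample entries are assumptions constructed for illustration. It lists alerts flagged for mail whose level is below `email_alert_level`.

```python
import re

# Constructed sample in the assumed alerts.log layout (not taken from the thread).
SAMPLE_ALERTS = """\
** Alert 1448299458.1001: mail  - syslog,errors,
2015 Nov 23 12:24:18 web01->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Nov 23 12:24:18 web01 app[311]: error: backend unavailable

** Alert 1448299460.1420: - syslog,sshd,
2015 Nov 23 12:24:20 web01->/var/log/secure
Rule: 5715 (level 3) -> 'SSHD authentication success.'
Nov 23 12:24:20 web01 sshd[400]: Accepted password for dbray from 192.0.2.10

** Alert 1448299465.1800: mail  - syslog,sshd,authentication_failures,
2015 Nov 23 12:24:25 web01->/var/log/secure
Rule: 5720 (level 10) -> 'Multiple SSHD authentication failures.'
Nov 23 12:24:25 web01 sshd[401]: Failed password for root from 192.0.2.99
"""

# "** Alert <id>: [mail]  - <groups>" header; "mail" is the flag maild looks for.
HEADER = re.compile(r"^\*\* Alert (\S+?):\s*(mail)?\s*-\s*(.*)$")
# Accepts both the log form and the e-mail form ("Rule: 1002 fired (level 2)").
RULE = re.compile(r"^Rule: (\d+)(?: fired)? \(level (\d+)\)")

def parse_alerts(text):
    """Return one dict per alert: id, mail flag, groups, rule id and level."""
    alerts, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"id": header.group(1), "mail": header.group(2) is not None,
                       "groups": header.group(3), "rule": None, "level": None}
            alerts.append(current)
            continue
        rule = RULE.match(line)
        if rule and current is not None and current["rule"] is None:
            current["rule"], current["level"] = int(rule.group(1)), int(rule.group(2))
    return alerts

def mailed_below_threshold(alerts, email_alert_level=7):
    """Alerts flagged for mail even though their level is under the threshold."""
    return [a for a in alerts
            if a["mail"] and a["level"] is not None and a["level"] < email_alert_level]

if __name__ == "__main__":
    for a in mailed_below_threshold(parse_alerts(SAMPLE_ALERTS)):
        print(f"alert {a['id']}: rule {a['rule']} level {a['level']} has the mail flag")
```

An alert listed by this script was flagged for mail by something other than the level threshold, such as a per-rule `alert_by_email` option like the one mentioned earlier in the thread.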
