I think I can translate. Angelina needs to know if she can run a script when an alert is generated. She does not want to alert with emails because she gets too many emails.
This might not help, but what we do is push our OSSIM alerts to an SEIM (Security Event and Incident Management). I am using AlienVault OSSIM, but there are many others out there that are probably more light weight. I believe it is from the SEIM that you can chart out the alerts and generate emails within SEIM when you get to a certain threshold of alerts or by some other measurement of your choice. I think a main SEIM vendor is Splunk. Not sure if that helps, hopefully others here can chime in too. On Wednesday, December 2, 2015 at 4:21:09 AM UTC-6, [email protected] wrote: > > > <https://lh3.googleusercontent.com/-4HYWh6In7qo/Vl7CAYVSNWI/AAAAAAAAAAc/B0kdTcflseQ/s1600/20131008233840_eGw2H.thumb.700_0.jpeg> > hello~everyone ,Ossec some problems bothering me ~~ ossec *data is hug* , > my leader let me to deal with this data.....artificial......yeap~~~~it > is means i will nalysis those data by my eyes !!!!!!!!!oh my god > !!!!!!!!!!!!!!! It's driving me crazy !!!!!! and I think I think the > most crazy people is my leader !!!! There are nearly 170000 data > !!!!!!!!!!!! so help ME ........... > the *function is : * use another way to* alert admin *, At present > ,OSSEC-agent collate logs and give OSSEC-Server , OSSEC-Server > analysis logs ,and use E-mail to alert admin through Rules , the > rules has level . i use e-mail . .but email too many , some > important messages i usually can not see and deal problems.... so i > want ask ,can i use anothor way to alert admin (not E-mail ) .can i > choose > *different ways of alarm* by the degree of emergency content. > OSSEC can *use Scripts ??*?????????????????????????????????? > iam gona be dead .................help ..............T_T....... > > My English is not very good,Please understand~~~~~~~~~~ > Thanks for your reply > > > <https://lh3.googleusercontent.com/-4HYWh6In7qo/Vl7CAYVSNWI/AAAAAAAAAAc/B0kdTcflseQ/s1600/20131008233840_eGw2H.thumb.700_0.jpeg> > angelina > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
