i recevie mail with alert level 2, and higher but not recieve mail from this rule, i simulate/test the alert is working is showing in kibana and ossec wui but not reciev mail :(
miercuri, 23 decembrie 2015, 17:10:37 UTC+2, Maxim Surdu a scris: > > yes, i change and all rules are loaded when ossec is started > > miercuri, 23 decembrie 2015, 16:58:18 UTC+2, dan (ddpbsd) a scris: >> >> On Wed, Dec 23, 2015 at 9:49 AM, Maxim Surdu <[email protected]> wrote: >> > This rule is locate in /var/ossec/rules/policy_rules.xml >> > >> >> Is policy_rules.xml loaded in your ossec.conf? Generally that entry is >> commented out in a default installation. >> >> > >> > miercuri, 23 decembrie 2015, 16:39:18 UTC+2, Maxim Surdu a scris: >> >> >> >> yes i want for a specific mail, but i not recieve mail form this alert >> >> >> >> miercuri, 23 decembrie 2015, 15:39:52 UTC+2, Maxim Surdu a scris: >> >>> >> >>> Hi everyone, >> >>> >> >>> I am new in Ossec, i installed Virtual Appliance of ossec, all is >> working >> >>> fine, can i do to ossec mail me for specific rule? >> >>> for example for this rule >> >>> >> >>> >> >>> <group name="policy_violation,"> >> >>> <rule id="17101" level="9"> >> >>> <if_group>authentication_success</if_group> >> >>> <time>06:00 pm - 09:00 am</time> >> >>> <description>Successful login during non-business >> >>> hours.</description> >> >>> <group>login_time,</group> >> >>> </rule> >> >>> >> >>> >> >>> >> >>> Any help would be greatly appreciated >> >>> >> >>> Thanks, >> >>> Maxim >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
