On Wed, Dec 23, 2015 at 10:15 AM, Maxim Surdu <[email protected]> wrote:
> i receive mail with alert level 2, and higher but not receive mail from this
> rule, i simulate/test the alert is working is showing in kibana and ossec
> wui but not receive mail :(
>

I'll assume that means these alerts show up in the alerts.log. Are you sure the alert wasn't included in an email with other alerts? I'm not really sure how to troubleshoot 1 email not showing up when others are working just fine.

>
> On Wednesday, 23 December 2015, 17:10:37 UTC+2, Maxim Surdu wrote:
>>
>> yes, i change and all rules are loaded when ossec is started
>>
>> On Wednesday, 23 December 2015, 16:58:18 UTC+2, dan (ddpbsd) wrote:
>>>
>>> On Wed, Dec 23, 2015 at 9:49 AM, Maxim Surdu <[email protected]> wrote:
>>> > This rule is located in /var/ossec/rules/policy_rules.xml
>>> >
>>>
>>> Is policy_rules.xml loaded in your ossec.conf? Generally that entry is
>>> commented out in a default installation.
>>>
>>> >
>>> > On Wednesday, 23 December 2015, 16:39:18 UTC+2, Maxim Surdu wrote:
>>> >>
>>> >> yes i want for a specific mail, but i not receive mail from this alert
>>> >>
>>> >> On Wednesday, 23 December 2015, 15:39:52 UTC+2, Maxim Surdu wrote:
>>> >>>
>>> >>> Hi everyone,
>>> >>>
>>> >>> I am new in Ossec, i installed Virtual Appliance of ossec, all is
>>> >>> working fine, can i do to ossec mail me for specific rule?
>>> >>> for example for this rule
>>> >>>
>>> >>> <group name="policy_violation,">
>>> >>>   <rule id="17101" level="9">
>>> >>>     <if_group>authentication_success</if_group>
>>> >>>     <time>06:00 pm - 09:00 am</time>
>>> >>>     <description>Successful login during non-business hours.</description>
>>> >>>     <group>login_time,</group>
>>> >>>   </rule>
>>> >>>
>>> >>> Any help would be greatly appreciated
>>> >>>
>>> >>> Thanks,
>>> >>> Maxim
>>> >
>>> > --
>>> >
>>> > ---
>>> > You received this message because you are subscribed to the Google
>>> > Groups "ossec-list" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> > an email to [email protected].
>>> > For more options, visit https://groups.google.com/d/optout.
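The two questions raised in the thread (is policy_rules.xml actually included, and was the alert grouped into an email with other alerts) can be checked against the configuration file directly. The following is an added example, not part of the original messages or of OSSEC itself: `check_email_path` is a hypothetical helper, and the sample configuration and addresses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample ossec.conf (not taken from the thread).
SAMPLE_CONF = """<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>soc@example.org</email_to>
  </global>
  <rules>
    <include>sshd_rules.xml</include>
    <!-- <include>policy_rules.xml</include> -->
  </rules>
  <alerts>
    <email_alert_level>7</email_alert_level>
  </alerts>
</ossec_config>
<ossec_config>
  <email_alerts>
    <email_to>oncall@example.org</email_to>
    <rule_id>17101</rule_id>
    <do_not_group />
  </email_alerts>
</ossec_config>
"""

def check_email_path(conf_text, rules_file, rule_id, rule_level):
    """Return findings that explain why a rule may not produce its own mail."""
    # ossec.conf can contain several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    findings = []
    # XML comments are dropped by the parser, so a commented-out include is absent.
    includes = {e.text.strip() for e in root.iter("include") if e.text}
    if rules_file not in includes:
        findings.append(f"{rules_file} is not included (missing or commented out)")
    notify = root.findtext(".//global/email_notification", default="no").strip()
    if notify != "yes":
        findings.append("email_notification is not 'yes'")
    # Assumption: fall back to 7 when email_alert_level is not set.
    threshold = int(root.findtext(".//alerts/email_alert_level", default="7"))
    if rule_level < threshold:
        findings.append(f"rule level {rule_level} is below email_alert_level {threshold}")
    targeted = [b for b in root.iter("email_alerts")
                if (b.findtext("rule_id") or "").strip() == rule_id]
    if not targeted:
        findings.append(f"no <email_alerts> block names rule {rule_id}")
    elif not any(b.find("do_not_group") is not None for b in targeted):
        findings.append(f"rule {rule_id} mail may be grouped with other alerts")
    return findings
```

An empty list means none of these four configuration causes applies; the next place to look is then alerts.log and the mail server's own logs.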
