On Wed, Dec 23, 2015 at 10:15 AM, Maxim Surdu <[email protected]> wrote:
> i recevie mail with alert level 2, and higher but not recieve mail from this
> rule, i simulate/test the alert is working is showing in kibana and ossec
> wui but not reciev mail :(
>

I'll assume that means these alerts show up in the alerts.log.

Are you sure the alert wasn't included in an email with other alerts?
I'm not really sure how to troubleshoot 1 email not showing up when
others are working just fine.

>
> miercuri, 23 decembrie 2015, 17:10:37 UTC+2, Maxim Surdu a scris:
>>
>> yes, i change and all rules are loaded when ossec is started
>>
>> miercuri, 23 decembrie 2015, 16:58:18 UTC+2, dan (ddpbsd) a scris:
>>>
>>> On Wed, Dec 23, 2015 at 9:49 AM, Maxim Surdu <[email protected]> wrote:
>>> > This rule is locate in /var/ossec/rules/policy_rules.xml
>>> >
>>>
>>> Is policy_rules.xml loaded in your ossec.conf? Generally that entry is
>>> commented out in a default installation.
>>>
>>> >
>>> > miercuri, 23 decembrie 2015, 16:39:18 UTC+2, Maxim Surdu a scris:
>>> >>
>>> >> yes i want for a specific mail, but i not recieve mail form this alert
>>> >>
>>> >> miercuri, 23 decembrie 2015, 15:39:52 UTC+2, Maxim Surdu a scris:
>>> >>>
>>> >>> Hi everyone,
>>> >>>
>>> >>> I am new in Ossec, i installed Virtual Appliance of ossec, all is
>>> >>> working
>>> >>> fine, can i do to ossec mail me for specific rule?
>>> >>> for example for this rule
>>> >>>
>>> >>>
>>> >>> <group name="policy_violation,">
>>> >>>   <rule id="17101" level="9">
>>> >>>     <if_group>authentication_success</if_group>
>>> >>>     <time>06:00 pm - 09:00 am</time>
>>> >>>     <description>Successful login during non-business
>>> >>> hours.</description>
>>> >>>     <group>login_time,</group>
>>> >>>   </rule>
>>> >>>
>>> >>>
>>> >>>
>>> >>> Any help would be greatly appreciated
>>> >>>
>>> >>> Thanks,
>>> >>> Maxim
>>> >
>>> > --
>>> >
>>> > ---
>>> > You received this message because you are subscribed to the Google
>>> > Groups
>>> > "ossec-list" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> > an
>>> > email to [email protected].
>>> > For more options, visit https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to