I added this limit early on to prevent a flood of emails in case of a config mistake or an attack.
Plus, operationally speaking, I doubt any team can realistically handle and investigate more than 10,000+ emails in an hour :) thanks, On Fri, Jan 29, 2016 at 1:16 PM, Eero Volotinen <[email protected]> wrote: > Well, why there is such low limit without #define INT_MAX_VALUE YY > > Is should be like (Mail->maxperhour > INT_MAX_VALUE) ? > > > > > -- > Eero > > 2016-01-28 16:22 GMT+02:00 <[email protected]>: > >> Hi, >> >> I found that limit and it's hardcoded at function Read_Global(), in >> src/config/global-config.c >> >> if ((Mail->maxperhour <= 0) || (Mail->maxperhour > 9999)) { >> merror(XML_VALUEERR, __local_name, node[i]->element, node[i]->content); >> return (OS_INVALID); >> } >> >> You may increase this limit as you need it and recompile your OSSEC >> manager, but there's no way to use a greater number of emails by modifying >> a config file. >> >> I hope this will help you. >> >> Best regards. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
