Hi,
 
Let me know if I understood right: do you want OSSEC to only send emails 
related to syscheck notifications? If so, try adding a granular 
option to email notifications; you can use the "group" setting in your email 
alerts configuration.
Open and modify the ossec.conf file on the OSSEC Manager and add the following 
lines:

<email_alerts>
  <email_to>[email protected]</email_to>
  <group>syscheck</group>
</email_alerts>


Restart your manager to apply changes. Now OSSEC will only forward 
"syscheck" alerts.

More info: 
http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.email_alerts.html


I do not understand what you mean by rule 515 and "Ending rootcheck 
scan"; please be more specific.

Regards,

Pedro S.

On Monday, February 22, 2016 at 3:37:18 PM UTC+1, [email protected] wrote:
>
> Hello!
> I want to send only changed filenames, like in the email (see below)?
>
> Is there any way to avoid waiting for rule 515 with "Ending syscheck scan"
> and parse all logs by hand?
>
> Thank you!
>
> ---------- email message with aggregation of multiple events into a single 
> email ----------------
> OSSEC HIDS Notification.
> 2016 Feb 22 06:10:15
>
> Received From: serv-10244->syscheck
> Rule: 550 fired (level 7) -> "Integrity checksum changed."
> Portion of the log(s):
>
> Integrity checksum changed for: '/home/woodwork/public_html/
> xc4dev/var/templates_c/c7659adfadb0a34875da46831ecaa5
> 4e/%%10^10D^10D3B5F4%%import_export.tpl.php'
> Old md5sum was: 'dceb399d30e95119919656e661204554'
> New md5sum is : '81245ed3dd02f3406eb8a2fed54d9942'
> Old sha1sum was: '7d76c4a8134f64290c14706f15e7c7a28256fc51'
> New sha1sum is : '539cf636a958d88a3e8f1f8fbb468716a9a0a6d1'
>
>
>
>  --END OF NOTIFICATION
>
>
>
> OSSEC HIDS Notification.
> 2016 Feb 22 06:10:15
>
> Received From: serv-10244->syscheck
> Rule: 550 fired (level 7) -> "Integrity checksum changed."
> Portion of the log(s):
>
> Integrity checksum changed for: '/home/woodwork/public_html/
> xc4dev/var/templates_c/c7659adfadb0a34875da46831ecaa5
> 4e/%%C3^C39^C3917CB7%%zipcode.tpl.php.md5'
> Old md5sum was: '893a40c51c7f8bf5be98319a30c05a18'
> New md5sum is : '94a2aab9fc50d05b6838e2bff772ee75'
> Old sha1sum was: '092003613f24ac04e5214dc24d1dcb0494dbca03'
> New sha1sum is : 'ed5607668955e07bedc7529f1f18843e174fdcf1'
>
>
>
>  --END OF NOTIFICATION
>
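
Added example (not from the thread or from the OSSEC project): each aggregated notification in the e-mail quoted above has a fixed layout, so the changed file names can be pulled out of it with a small parser. The function name changed_files and the sample host, paths and hashes are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the aggregated e-mail quoted above.
# Host, paths and hashes are made up; the first path is wrapped mid-path.
SAMPLE = """\
> OSSEC HIDS Notification.
> 2016 Feb 22 06:10:15
> Received From: host-a->syscheck
> Rule: 550 fired (level 7) -> "Integrity checksum changed."
>
> Integrity checksum changed for: '/var/www/app/
> templates_c/import.tpl.php'
> Old md5sum was: '11111111111111111111111111111111'
> New md5sum is : '22222222222222222222222222222222'
>  --END OF NOTIFICATION
>
> OSSEC HIDS Notification.
> Received From: host-a->syscheck
> Rule: 550 fired (level 7) -> "Integrity checksum changed."
> Integrity checksum changed for: '/etc/app.conf'
> Old sha1sum was: '3333333333333333333333333333333333333333'
> New sha1sum is : '4444444444444444444444444444444444444444'
>  --END OF NOTIFICATION
"""

PATH = re.compile(r"Integrity checksum changed for: '(.*?)'[ \t]*$", re.S | re.M)
SUM = re.compile(r"^(Old|New) (md5|sha1)sum (?:was|is)\s*: '([0-9a-f]+)'", re.M)
HOST = re.compile(r"^Received From: (.+?)->syscheck", re.M)

def changed_files(mail_text):
    """Return one dict per 'checksum changed' notification in an OSSEC e-mail."""
    text = re.sub(r"^>[ \t]?", "", mail_text, flags=re.M)  # drop reply quoting
    results = []
    for block in text.split("OSSEC HIDS Notification.")[1:]:
        path = PATH.search(block)
        if not path:  # some other alert type: skip it
            continue
        host = HOST.search(block)
        sums = {}
        for which, algo, digest in SUM.findall(block):
            sums.setdefault(algo, {})[which.lower()] = digest
        results.append({
            # Rejoin a wrapped path (assumes no whitespace at the wrap point).
            "file": re.sub(r"\s*\n\s*", "", path.group(1)),
            "host": host.group(1) if host else None,
            "sums": sums,
        })
    return results
```
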
