On Wed, Mar 23, 2016 at 10:19 AM, sandeep dubey
<sandeep.san...@gmail.com> wrote:
> Thanks Dan for the reply.
>
> I couldn't understand your comment -
>
> Both of these set:
> <options>alert_by_email</options>
>

If you look at /var/ossec/rules/syslog_rules.xml, you can see rule
10100 sets the above option. This means it will always send an email
when it is triggered.
Rule 1002 has the same option set. So no matter what your minimum rule
level is, these rules will trigger emails.

> On Wed, Mar 23, 2016 at 7:37 PM, dan (ddp) <ddp...@gmail.com> wrote:
>>
>> On Wed, Mar 23, 2016 at 10:01 AM, sandeep dubey
>> <sandeep.san...@gmail.com> wrote:
>> >> Ok, so it works when you use an individual email address, but not when
>> >> you use a group?  Which system handles the group email address? Can
>> >> you check the logs there?
>> >
>> > Yes, when I use the group, emails are not being relayed. I am using Google
>> > service. In the logs I don't find anything except what was mentioned in the
>> > previous thread.
>>
>> Use tcpdump to see if there is any difference between the 2 email
>> addresses.
>>
>> >>
>> >>
>> >> > One more observation is that, even though email alerts are configured
>> >> > for level 8, I am still getting alerts for level 2,3,4 etc.
>> >> >
>> >>
>> >> That's very strange. I trust you've verified that the rules of level <
>> >> 8 that trigger email alerts don't have
>> >> "<options>alert_by_email</options>" set.
>> >> Which rules with level < 8 are triggering emails?
>> >
>> >
>> > Triggered emails are of level 2,4 and the rule IDs are 1002,10100
>> >
>>
>> Both of these set:
>> <options>alert_by_email</options>
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ossec-list+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards,
> Sandeep
>

