I hadn't really considered the mail server may be the problem - we naturally utilize sendmail to offload the notifications and route them through our corporate O365 exchange server.
I was getting some integrity changes hours after the changes actually occurred (on boxes with realtime=yes and inotify packages installed). I also double checked my inbox, and this particular alert (for a file being re-added, i.e. a new version) only appears once in my inbox. On Wednesday, April 6, 2016 at 4:40:08 PM UTC-4, [email protected] wrote: > > did you look to maillog of your server ? > When were actual sent notifications ? > Email may be deferred by couple of reasons: > * graylisting > * mail server overloading or even inactivvity. > > If you want fast and reliable delivery - try to setup additional > notification engine. > We choose slack, but there're couple of chat systems, that can receive > notifications by their api. > > среда, 6 апреля 2016 г., 17:33:03 UTC+4 пользователь thak написал: >> >> Any idea what the likely reason would be for this? We were installing >> some diagnostic packages yesterday afternoon, but I didn't get email >> notifications until 0430 today. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
