On Wed, Sep 28, 2016 at 2:29 PM, Laura Herrera <[email protected]> wrote:
> Hi guys,
>
> I need to get ossec to use a script every time that an alert is fired by any
> of my servers.
>
> There is an example of this in
> http://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-custom.html
> which uses a script on the server when a specific rule is fired.
>
> How can I make that generic, so that this script gets called every time
> there is any alert for which an email would've been sent?
>

There isn't really. The best option is to write something that either
monitors one of the alert log files (alerts.json is probably easy) or
monitors the zeromq publisher, and then performs actions based on
that.
I personally use the zeromq route, and it's really neat.


> Thanks a lot
> Laura
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
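
The alerts.json approach suggested in the reply above, as an added example that is not part of the original thread or of OSSEC itself: a small watcher that follows the file and runs a script for each alert at or above a chosen level. Assumptions: JSON output is enabled and written one object per line to the path shown, each alert carries `rule.level` and `rule.sidid`, `MIN_LEVEL` is set by hand to match your `email_alert_level`, and the handler path is hypothetical.

```python
import json
import subprocess
import time

ALERTS_JSON = "/var/ossec/logs/alerts/alerts.json"  # assumed install path
HANDLER = "/usr/local/bin/on-ossec-alert"           # hypothetical script
MIN_LEVEL = 7  # assumption: keep equal to email_alert_level in ossec.conf
# Constructed sample lines (field names are assumptions, see lead-in).
SAMPLE = [
    '{"rule":{"level":10,"sidid":5712,"comment":"brute force"},"hostname":"web1"}',
    '{"rule":{"level":3,"sidid":5501,"comment":"session opened"},"hostname":"web1"}',
    '{"rule":{"level":7,"sidid":',  # half-written line
]

def qualifying(line, min_level=MIN_LEVEL):
    """Return the alert dict if it parses and meets min_level, else None."""
    try:
        alert = json.loads(line)
        level = alert["rule"]["level"]
    except (ValueError, KeyError, TypeError):
        return None  # blank, half-written or unexpected line
    return alert if isinstance(level, int) and level >= min_level else None

def dispatch(lines, handler=HANDLER, run=subprocess.run):
    """Run handler once per qualifying alert; return the rule ids handled."""
    handled = []
    for line in lines:
        alert = qualifying(line)
        if alert is not None:
            # Alert fields come from log data an attacker can influence: pass
            # the JSON on stdin with an argv list, never a shell string.
            run([handler], input=json.dumps(alert).encode(), check=False)
            handled.append(alert["rule"].get("sidid"))
    return handled

def follow(path, poll=1.0):
    """Yield complete lines appended to path, like tail -f (no rotation)."""
    with open(path) as fh:
        fh.seek(0, 2)  # start at end of file: only new alerts
        buf = ""
        while True:
            buf += fh.readline()
            if buf.endswith("\n"):
                yield buf
                buf = ""
            else:
                time.sleep(poll)  # nothing new yet, or a partial line

if __name__ == "__main__":
    dispatch(follow(ALERTS_JSON))
```

`dispatch(SAMPLE, run=...)` can be called with a stub in place of `subprocess.run` to check the filtering before pointing it at the live file.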
