Hi Guys,
I *desperately* need to create a rule that will fire when a specific AD user has a failed authentication event on my sensors. What must the rule look like? Where do i put it? into msauth_rules or what? Then I want to make it send me emails by doing the below. for now I don't want emails for anything else, I will manually add more when required. >From here: https://www.ryanschulze.net/archives/1666 1 2 3 4 5 6 7 8 9 10 11 12 13 <ossec_config> <global> <email_notification>yes</email_notification> <smtp_server>127.0.0.1</smtp_server> <email_to>[email protected]</email_to> <email_from>[email protected]</email_from> </global> <email_alerts> <email_to>[email protected]</email_to> <level>7</level> </email_alerts> </ossec_config> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
