Thanks for the tip! We tested it, but it doesn't seem to be working. Here's
what the configuration looks like now:
<global>
<email_notification>yes</email_notification>
<email_to>noreply@localhost</email_to>
<smtp_server>smtpserver</smtp_server>
<email_from>ossec@domain</email_from>
</global>
<email_alerts>
<email_to>email1</email_to>
<email_to>email2</email_to>
<email_to>email3</email_to>
<event_location>several, agents, name</event_location>
</email_alerts>
<email_alerts>
<email_to>ourservice@domain</email_to>
<level>9</level>
<do_not_delay />
<do_not_group />
</email_alerts>
*email_alert_level *was also set to 1. We received one level 10 alert email
by itself. However, there were several others level 10 alerts that we
didn't receive any notifications from, even tough they appear in the alert
log. We then received an email report in ourservice@domain mailbox of about
10 minutes worth of events, with several level 10 alerts in it, but mostly
a lot of alerts we have no need for, like
Rule: 31101 fired (level 5) -> "Web server 400 error code."
I don't think that there's anything in my config that would justify alerts
of level 3 and 5 being sent. Do you know what could be wrong? We will
probably go back to having an email_alert_level of 7 with no custom alerts
and work from there. We receive a lot of events to this server; I'd say
about one every two or three seconds. Could that be a problem?
Thanks you for the reply, I'll be sure to keep you updated to document the
issue if anyone else has that problem,
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
