Thanks for the answer, that clarifies my understanding.  Sounds like you 
would like to see the alert details so here they are ("our-demo" below is 
an agent, not the server):

OSSEC HIDS Notification.
2017 Aug 27 08:20:39

Received From: (our-demo) 10.nnn.nnn.nnn->ossec-keepalive
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

--MARK--: 
dh7GKhV3D=9_tT9mi+oFulZk!/aTDX2_mDueL^7wo;Y-[Bccq4-;^Pcb]Qcyh5n7QH@JrN5))x9$Y#&w;6p835rYqu-@HdN=LsBknO.bu7%A]Yf)#8dJHvbfPGzEJ#vC/eMmb;1vhJdcQi+!&'o623tZdS.]#[email protected]=a7+Xe0+LwVV'xoLxlGe(lxfDkz]Ywi.!x)BCN5v98*k??VxZ]^LVg/;4@CwP;7tqUdaP8v6KU*;c_31yMU)aatm@d-u,XNm0/0joD&h;j?I.2RvWfWef&4y)US^lNJtMdDiH1p$sop3y6'Ct._#$Se1UWKodCH.Fsg#)9TTGqr4-YPjV*+DEH/;.-UPs,[YoO(Qs_dYeu!J(taITE@=@rx9h(s%w0_Kj6[BU/'hslQT)Q]G_o@0FQ*[CRqgleRutLdv=KCkWAlJ*g^n8UvhegP+fo]rs['L_.7@HRDL(O_lUlywnc*6W^d2.MB3H8Xv5yaVxEaj(D8+OPZkR'&h8)rnzayo9+JI1;L'!MQext'@8b+t[n%kOO@wOdK5HCWcubJ/][Qs1KMD'^eB.A''w4p@p0;e,OhqQ/2'GmmbegEL+-#Ar5u]*JoPRhTNV0lfhvNNIZP[5BGc60*FATAl,Pi,W2Jl!d5*ymzotwjGf.I@X



 --END OF NOTIFICATION


On Monday, August 28, 2017 at 10:53:55 AM UTC-5, Leroy Tennison wrote:
>
> Just FYI, not sure if a resolution to 
> https://groups.google.com/forum/#!msg/ossec-list/dE3klm84JMU/kGZkRdSl3ZkJ 
> has been put in place or not but it is occurring in v2.9.2 - I received an 
> email alert (can post the text if it would be helpful).
>
> Related to this, I noticed that the alert level is 2, it appears that the 
> only place to set alert levels is in ossec.conf on the server or 'local' 
> (it is configured on the server as the 
> default: <email_alert_level>7</email_alert_level>).
>
> I seem to remember seeing somewhere that a local install was one where the 
> server managed only itself but can't find that reference now, is that 
> correct?
>
> The other option is to configure the system as hybrid, if that would allow 
> the notification to be suppressed (and the implications of the change 
> weren't too great), I would be glad to configure it that way if someone 
> could point me to instructions on how to do so.
>
> Thanks for the help, my learning curve at this point is pretty steep.
>
