On Mon, Aug 6, 2018 at 10:50 AM, Pablo Garcia <[email protected]> wrote:
> Hello, I need help because I am receiving emails from level 5 rules in the
> ossec configuration, I am configured to send alerts from level 11, in
> particular the one that received the most corresponds to the rule Rule:
> 31122 fired ( level 5) -> "Web server 500 error code (Internal Error).", the
> configuration in ossec / rules is the one that installs by default and has
> activated as option send email in the rule, but should not be sending it if
> it respected the level from ossec.conf, you can help me with this problem.
>
> Thank you
>
<rule id="31122" level="5">
<if_sid>31120</if_sid>
<id>^500</id>
<options>alert_by_email</options>
<description>Web server 500 error code (Internal Error).</description>
<group>system_error,</group>
</rule>
The <options>alert_by_email</options> makes it send email no matter
what (assuming email is configured).
You'll have to remove that, either with a child rule or an overwrite rule.
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
