On Thu, Jan 31, 2019 at 4:15 PM Louis Bohm <[email protected]> wrote: > > In my ossec.confg I have the following: > <alerts> > <log_alert_level>5</log_alert_level> > <email_alert_level>8</email_alert_level> > </alerts> > > This produces an email alert that shows me the event that triggered the alert > and then bellow that it show “Portion of the log(s):”. However, from what I > can tell the first event shown in the log is the triggering event. All the > other lines are events from the master ossec server not the client where the > triggering event happened. > > Is there anyway to get rid of the “Portion of the log(s):” part of the email? >
Edit src/os_maild/sendmail.c I imagine. Or the part that gathers the logs for the email, but I don't know that off the top of my head. > Louis > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
