Finally, you got it!
I think your conclusion makes sense.
Regards.
On Wednesday, July 12, 2017 at 7:49:36 PM UTC+2, Alexis Lessard wrote:
>
> The issue was indeed the email_maxperhour setting. My guess is, because we
> basically told OSSEC to send every event to noreply@localhost. The
The issue was indeed the email_maxperhour setting. My guess is, because we
basically told OSSEC to send every event to noreply@localhost. The default
threshold was reached pretty quickly, so all events until the threshold was
reached until the end of the hour were sent back to us in a big email. We
Hi Alexis,
So, you are receiving alerts with level 3 in ourservice@domain, right? That
doesn't make sense (I understand that email1, email2 or email3 is not
ourservice@domain).
Try to use: do_not_delay and do_not_group. Also, the email_maxperhour
Thanks for the tip! We tested it, but it doesn't seem to be working. Here's
what the configuration looks like now:
yes
noreply@localhost
smtpserver
ossec@domain
email1
email2
email3
several, agents, name
ourservice@domain
9
Hi Alexis,
I'm not sure what is happening. Do a simple test. Set *email_alert_level*
to 1, and configure only one custom alert:
yes
noreply@localhost
smtpserver
*email1*
*email2*
10
Generate an alert with level 10, you will receive:
-