Daniel,
Your granular options for the e-mail alerting are great! That was
exactly what I needed.
I just added the following to the OSSEC server ossec.conf file:
<email_alerts>
<email_to>[EMAIL PROTECTED]</email_to>
<event_location>192.168.0.1</event_location>
</email_alerts>
<email_alerts>
<email_to>[EMAIL PROTECTED]</email_to>
<event_location>192.168.0.2</event_location>
</email_alerts>
... and the <global> email address received all notifications, but the
"ip specific" addresses only received the alerts pertaining to their
machine.
You made my morning.
Thank you,
Jason R. Vitz
Director, Client Services
Mindbridge
610-666-5262 ext.770
http://www.mindbridge.com
Daniel Cid wrote:
> Hi Jason,
>
> This feature is already implemented (granular e-mail alerting). Take a look
> at:
>
> http://www.ossec.net/wiki/index.php/Know_How:GranularEmail
>
> Hope it helps.
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On 9/13/07, Jason Vitz <[EMAIL PROTECTED]> wrote:
>
>> Hi,
>>
>> I am wondering if there has been any thought given to allowing a
>> notification email address to be defined at the agent level. I like the
>> centralized maintenance of the server-agent, but if I have two server,
>> each belonging to a different department, each having their own admin,
>> then it would be great to have the department's admin email address
>> defined at the agent level and the global IT admin email address defined
>> at the server level. That way IT would get the alert notifications for
>> all the agents, but the department admins would only get the alerts
>> pertaining to their specific agent.
>>
>> BTW... I love the product, especially active-response.
>>
>> Best Regards,
>> --
>> Jason R. Vitz
>> Director, Client Services
>> Mindbridge
>> 610-666-5262 ext.770
>> http://www.mindbridge.com
>>
>>
>
>
>
