I think you may have misread my email. I had already read the posting
to this group and the article on the OSSEC web site. I have already
successfully configured OSSEC to send email notifications "to"
different email addresses based on agents and events and find that it
works perfectly.
However, what I wanted to know is if it is also possible to have the
notifications appear to have been sent "from" different email
addresses based on agents and events.
Below is an example of an ossec.conf file that may better illustrate
what I am trying to do:
<global>
<email_notification>yes</email_notification>
<email_to>[EMAIL PROTECTED]</email_to>
<smtp_server>mailserver.domain.com.</smtp_server>
<email_from>[EMAIL PROTECTED]</email_from>
</global>
<email_alerts>
<email_to>[EMAIL PROTECTED]</email_to>
<email_from>[EMAIL PROTECTED]</email_from>
<group>firewall</group>
</email_alerts>
If I try to start OSSEC with the above lines in the ossec.conf file I
get the following error:
2007/09/15 08:28:24 ossec-maild(1230): Invalid element in the
configuration: 'email_from'.
If I remove the email_from tag from the email_alerts entry then
everything works fine. Having a different "from" address by alert or
eventtype would be useful to me but from what I have seen it doesnt
appear to be possible. I was hoping to confirm whether or not I am
doing something wrong or if this is in fact not a supported
configuration.
On Sep 14, 8:07 pm, "Peter M. Abraham" <[EMAIL PROTECTED]>
wrote:
> Greetings:
>
> That was just asked the other day <smile>
>
> http://groups.google.com/group/ossec-list/browse_thread/thread/b8075a...
>
> >From Daniel B. Cid:
>
> "Hi Jason,
>
> This feature is already implemented (granular e-mail alerting). Take a
> look at:
>
> http://www.ossec.net/wiki/index.php/Know_How:GranularEmail
>
> Hope it helps."
>
> Thank you.
