Hi Ry:

By the way, while the SonicWall will alert you, if properly
configured, of a bad login, the following
/var/ossec/rules/local_rules.xml may be another way:

<group name="syslog,sonicwall,">
  <rule id="12000" level="12">
    <if_sid>4810</if_sid>
    <srcip>![your ip if static]</srcip>
    <description>*** BAD IP - Firewall administrator login not from [your ip if static] ***.</description>
    <group>authentication_success,</group>
  </rule>
</group> <!-- SonicWall -->

Then you could use http://www.ossec.net/wiki/index.php/Know_How:GranularEmail
and http://www.ossec.net/wiki/index.php/Know_How:GranularEmail to send
the alert to another email such as the following (in
/var/ossec/etc/ossec.conf):

  <email_alerts>
     <rule_id>12000</rule_id>
     <email_to>[valid email address to be alerted when this rule goes off]</email_to>
     <do_not_delay />
  </email_alerts>

Thank you.
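
An added example, not part of the original message: a small Python check that rule 12000 and its email_alerts block had their bracketed placeholders replaced with real values before OSSEC is restarted. The address 203.0.113.10, fw-admin@example.com and the helper name lint are assumptions made for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample files; the IP and e-mail address are placeholders.
SAMPLE_RULES = """
<group name="syslog,sonicwall,">
  <rule id="12000" level="12">
    <if_sid>4810</if_sid>
    <srcip>!203.0.113.10</srcip>
    <description>Firewall administrator login not from 203.0.113.10.</description>
  </rule>
</group> <!-- SonicWall -->
"""
SAMPLE_CONF = """
<email_alerts>
  <rule_id>12000</rule_id>
  <email_to>fw-admin@example.com</email_to>
  <do_not_delay />
</email_alerts>
"""

def _parse(text):
    # OSSEC files may hold several top-level elements; wrap them in one root.
    return ET.fromstring("<root>" + text + "</root>")

def lint(rules_xml, conf_xml, rule_id="12000"):
    """Hypothetical helper: list problems with the rule and its e-mail routing."""
    rule = next((r for r in _parse(rules_xml).iter("rule") if r.get("id") == rule_id), None)
    if rule is None:
        return [f"rule {rule_id} not found"]
    problems = []
    src = (rule.findtext("srcip") or "").strip()
    if not src.startswith("!"):
        problems.append("srcip is not negated: rule would match the trusted address")
    try:
        ipaddress.ip_network(src.lstrip("!"), strict=False)
    except ValueError:
        problems.append(f"srcip {src!r} is not an IP address or CIDR block")
    routed = [b for b in _parse(conf_xml).iter("email_alerts")
              if (b.findtext("rule_id") or "").strip() == rule_id]
    if not routed:
        problems.append(f"no email_alerts block routes rule {rule_id}")
    for block in routed:
        to = (block.findtext("email_to") or "").strip()
        if not re.fullmatch(r"[^@\s\[\]]+@[^@\s\[\]]+", to):
            problems.append(f"email_to {to!r} is not an address")
    return problems
```

Calling `lint(SAMPLE_RULES, SAMPLE_CONF)` returns an empty list; leaving either bracketed placeholder in place returns one problem per unfilled value.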
