Hi, I was wondering if there is a trivial way to send an email notification every time an active response is triggered? If there isn't, I would start monitoring the {ossecdir}/logs/ar.log on the agents and server and write rules to give me an alert every time a line is appended to that file, which would do the trick. However, I don't wanna add the logcheck monitoring of said file on each host but via centralized configuration.
If I do that, will the entries in {ossecdir}/etc/ossec.conf for logcheck be ignored by the agents or read in addition to the centralized config pushed by the server to {ossecdir}/etc/shared/? Thanks in advance, Oscar