On Mon, Oct 25, 2010 at 4:31 PM, Jeremy Lee <jpl...@gmail.com> wrote: > Nevermind, I think that's it... one question on the "<weekday>" flag though. > What parameter would I use for the actual weekdays? Just "weekday" or > "weekdays" ? In the example, it lists specific days and "weekends" >
It looks like "weekday": http://www.ossec.net/doc/syntax/head_rules.html#element-group.rule.weekday I'd have to check the source to get more information. > On Mon, Oct 25, 2010 at 1:21 PM, Jeremy Lee <jpl...@gmail.com> wrote: >> >> Thanks Dan... btw, is the option to have a rule fire at a specific time >> just "<time>" within the rule ID itself? >> >> http://www.mail-archive.com/ossec-list@googlegroups.com/msg07544.html >> >> >> >> >> On Sun, Oct 24, 2010 at 1:09 PM, dan (ddp) <ddp...@gmail.com> wrote: >>> >>> On Sat, Oct 23, 2010 at 11:27 PM, Jeremy Lee <jpl...@gmail.com> wrote: >>> > It shows it is here: >>> > http://www.ossec.net/wiki/Know_How:GranularEmail >>> > >>> > example: >>> > >>> > <email_alerts> >>> > <email_to>b...@y.z</email_to> >>> > <rule_id>123, 124</rule_id> >>> > <do_not_delay /> >>> > <do_not_group /> >>> > </email_alerts> >>> > >>> > Was that a mistake in the older doc? >>> > >>> > BTW: is there a way to get OSSEC to log/email alerts in a specific time >>> > window (i.e. between 8am-5pm) ? >>> > >>> >>> In my other email I meant set <email_alert_level> to a lower number to >>> see if that helps. It looks like analysisd only compares the rule's >>> level to <email_alert_level> to decide whether to send out an email or >>> not. I'm going to ask for confirmation before updating the docs with >>> this information. >>> >>> I don't see an option to email during a certain time, but there are >>> options for the rules to only fire during certain times. >> > >
