http://www.ossec.net/doc/syntax/head_ossec_config.reports.html#element-email_maxperhour
It goes in the global section. On Tue, Jul 26, 2011 at 7:22 PM, Chris Phillips <chris.phill...@inty.com> wrote: > Perfect, thanks! > > I haven't found an option to tweak max emails per hour, but I'm hoping to > tune out "noise" so the number of emails should be minimal. > > Cheers, > -- > ChrisP > > Chris Phillips > Service Designer, intY Ltd. > +44 (0)1454 640 532 > > > -----Original Message----- > From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On > Behalf Of dan (ddp) > Sent: 26 July 2011 20:21 > To: ossec-list@googlegroups.com > Subject: Re: [ossec-list] Notification alert email subject misleading > > Turn off email grouping. In /var/ossec/etc/internal_options.conf set: > maild.groupping=0 > > You may need to bump the max emails per hour, depending on how many > alerts you normally get. > > On Tue, Jul 26, 2011 at 10:59 AM, Chris Phillips > <chris.phill...@inty.com> wrote: >> Hi All, >> >> I have set up a central "server" and several "agent" OSSEC hosts and >> OSSEC-WUI and I can see them in the UI, but I have a question relating to >> alerts. >> >> Previously I had the agents configured as "local" OSSEC hosts and the alerts >> from them were obviously from each individual host, but now I have a server >> and agent setup, I see alerts from the agents, but all alerts I've seen so >> far, contain the wrong details in the subject line: - >> >> "Subject: OSSEC Notification - (Hathor) 10.0.2.10 - Alert level 10" >> >> This email alert actually contained many alerts, for multiple hosts, but the >> subject is quite misleading. >> >> Have I done something wrong and what can I do to make the alert subject a >> bit less misleading? >> >> I'd actually prefer to see individual alerts anyway, so I can easily scan >> through them and tune out (using some ruleset) those that are not >> important. Is this possible? >> >> Cheers, >> -- >> ChrisP >> >> > > Scanned by MailDefender - managed email security from intY - > www.maildefender.net > > Information in this electronic mail is confidential and may be legally > privileged. It is intended solely for the addressee. Access to this mail by > anyone else is unauthorised. If you are not the intended recipient any use, > disclosure, copying or distribution of this message is prohibited and may be > unlawful. When addressed to our customers, any information contained in this > message is subject to intY's Terms & Conditions. Please rely on your own > virus scanning and procedures with regard to any attachments to this message. > > Scanned by MailDefender - managed email security from intY - > www.maildefender.net > >
