Some of the out-of-the-box rules include an 'alert_by_email' option so that you receive an e-mail regardless of the level chosen in your ossec.conf. Reference: http://www.ossec.net/doc/faq/alerts.html#i-set-the-email-alert-level-to-10-why-do-i-keep-seeing-rules-with-lower-levels
On Dec 5, 2012, at 5:12 AM, Guilmxm <[email protected]> wrote:

> Hi,
>
> Running OSSEC 2.7 with one server and one agent (Linux Debian and Ubuntu), my
> server sends me email notifications for any security level, even with the
> minimum set to 7 (default).
>
> Example of events:
>
> Received From: XXXXXX->/var/log/syslog
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
>
> Dec 5 08:01:33 XXXXXXX udisksd[3032]: Error performing housekeeping for
> drive /org/freedesktop/UDisks2/drives/ST9250827AS_5RG5VLWZ: Error updating
> SMART data: sk_disk_check_sleep_mode: Operation not supported
> (udisks-error-quark, 0)
>
> Received From: (xxxxxxxx)
> xxx.xxx.xxx.xxx->/var/log/apache2/error_https_8081.log
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
>
> [Wed Dec 05 07:15:09 2012] [info] [client 127.0.0.1] SSL library error 1 in
> handshake (server mydomain.com:443)
>
> And as said before, my server configuration is the default one with
> mail_alerts_level set to 7.
>
> Thanks for your suggestion :-)
