Hi, I don't know; that's what I'm trying to figure out; can you tell me where to look for the info you're asking about?
On Tuesday, December 10, 2013 3:33:22 AM UTC+1, dan (ddpbsd) wrote: > > On Sun, Dec 8, 2013 at 2:57 AM, evangeline eleanor > <evangelin...@gmail.com <javascript:>> wrote: > > Hi, > > > > I'm trying to figure out when the rule for invalid su attempts is > generated > > and email dispatched. Whenever my client attempts to login to root > account > > by using su, an alert is triggered in the > /var/ossec/logs/alerts/alerts.log. > > > > I would like to know the threshold when an email alert is being sent: > how > > many invalid login attempts does it take in certain time to send en > email. > > And how to change that to send an email on every invalid attempt. > > > > Thank you > > > > What is your email_alert_level? What level is the su rule? > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
