On Nov 13, 2015 1:49 PM, "Daniel Bray" <dbray...@gmail.com> wrote: > > On Friday, November 13, 2015 at 12:17:09 PM UTC-5, dan (ddpbsd) wrote: >> >> Ok, this information is working for me as well. I have tested it on a >> local install and an agent/server install (changing the hostname as >> appropriate). >> >> Is the agent name testserver? Do the hostname of the system and the >> agent name match? > > > > Yes, that all matches up. In fact, I've tried with multiple hostnames or just one hostname, and each time the logtest catches it as "Level: '0' - Description: 'Ignore MIP Alerts'"no matter what I throw at it, but the emails/alerts keep coming in as "Rule: 1002 fired (level 2)". > > I'm even waiting for the email to come in, grabbing the "Portion of the log(s):" from the email and pasting it into the logtest, and each time it comes up as "Level: '0' - Description: 'Ignore MIP Alerts'". >
Try setting the rule to level 2 > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.