Can someone please help with OSSEC group notification?
I want to set up file integrity checking; if there is any change, send an
email to group_a *ONLY*.
Config attached below:
--- ossec.conf ---
<email_alerts>
  <email_to>[email protected]</email_to>
  <group>group_a</group>
</email_alerts>
--- local_rules.xml ---
<rule id="100102" level="6">
  <if_group>syscheck</if_group>
  <match>New file '/home/leo/testing</match>
  <description>/home/leo/testing changes.</description>
  <group>group_a</group>
  <options>alert_by_email</options>
</rule>
However, it seems that every time this is triggered, according to OSSEC's
documentation, it only *adds* group_a to the syscheck alert list.
Therefore I end up with the alert being sent to everyone; alert log attached below:
** Alert 1454471950.6708: mail - *local,syslog,group_a*
Is there any way to create a rule to send notification/alert to group_a
only?