On Feb 8, 2016 5:31 PM, "Leo G" <[email protected]> wrote:
>
> Can someone please help with ossec group notification.
>
> I want to set up file integrity checking; if there is any change, send an email to group_a ONLY
>
> config attached below:
> --- ossec.conf ---
> <email_alerts>
>   <email_to>[email protected]</email_to>
>   <group>group_a</group>
> </email_alerts>
>
> --- local_rules.xml ---
> <rule id="100102" level="6">
>   <if_group>syscheck</if_group>
>   <match>New file '/home/leo/testing</match>
>   <description>/home/leo/testing changes.</description>
>   <group>group_a</group>
>   <options>alert_by_email</options>
> </rule>
>
> However it seems every time when this is triggered, according to ossec's document: it only adds group_a to syscheck alert list.
> Therefore I end up with the alert being sent to everyone, alert log attached below:
>
> ** Alert 1454471950.6708: mail - local,syslog,group_a
>
> Is there any way to create a rule to send notification/alert to group_a only?
>
A limitation of maild is that it always sends an email to the default email address.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
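
The exchange above, as an added example that is not part of the original thread and is not OSSEC's own code: a small model that parses the quoted alert header and computes who is mailed when the default address is always included. The addresses are constructed placeholders, and exact group-name matching is a simplifying assumption.

```python
import re

# Header format taken from the alert quoted in the thread:
#   ** Alert 1454471950.6708: mail - local,syslog,group_a
ALERT_HEADER = re.compile(
    r"^\*\* Alert (?P<ts>\d+)\.(?P<seq>\d+):(?P<flags>[^-]*)-\s*(?P<groups>.*)$"
)


def parse_alert_header(line):
    """Split an alerts.log header into timestamp, mail flag and group list."""
    m = ALERT_HEADER.match(line.strip())
    if m is None:
        raise ValueError("not an alert header: %r" % line)
    groups = [g.strip() for g in m.group("groups").split(",") if g.strip()]
    return {
        "timestamp": int(m.group("ts")),
        "mail": "mail" in m.group("flags").split(),
        "groups": groups,
    }


def recipients(alert, global_email_to, email_alerts):
    """Model of the behaviour described in the reply: the default address
    always gets the mail; <email_alerts> entries only ADD recipients.
    Exact group matching is an assumption made for this example."""
    if not alert["mail"]:
        return []
    out = [global_email_to]
    for entry in email_alerts:
        if entry["group"] in alert["groups"] and entry["email_to"] not in out:
            out.append(entry["email_to"])
    return out


# Constructed placeholder addresses (the real ones are redacted in the thread).
GLOBAL_TO = "everyone@example.com"
EMAIL_ALERTS = [{"email_to": "group_a@example.com", "group": "group_a"}]

if __name__ == "__main__":
    header = "** Alert 1454471950.6708: mail - local,syslog,group_a"
    alert = parse_alert_header(header)
    print(alert["groups"], recipients(alert, GLOBAL_TO, EMAIL_ALERTS))
```

Adding `group_a` to the rule widens the recipient list for that alert; it never narrows it, which matches the behaviour the poster observed.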
