Hi Fredrik, this is the flow:
- The integrator reads the alerts from alerts*.log *filtering by *rule_id*, *level*, *group *or *event_location*. - It executes the script using the arguments *hook_url *and *api_key*. - The slack script send the alert to slack. Clarification: The host specific alerts are sent to slack but the agent > alerts are being ignored. Review your integrator configuration, maybe you have a filter to get only alerts in the current host. Share here the config. Regards. On Tuesday, May 23, 2017 at 10:55:55 AM UTC+2, Fredrik Hilmersson wrote: > > Clarification: The host specific alerts are sent to slack but the agent > alerts are being ignored. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
