I'm running on CentOS 7.3.1611 and using the atomic repo which has ossec-hids-2.9.2-2082 and ossec-hids-server-2.9.2-2082. I have done debugging and I'm seeing some things I think are strange. If the condition I'm testing for has happened in the last 15 to 20 minutes before the email is sent, the subject contains the alert message and the body contains the alert message along with other alerts. If the condition is more than 25 to 30 minutes before the email is sent, the subject will still show the alert, but the alert message will not be in the body of the email. Here are some stats from the emails today:

Email     Number      Earliest reported
Arrived   of alerts   alert
01:00     109         00:36
02:00     110         01:37
03:00     111         02:34
04:00     112         03:39
05:00     113         04:34
06:00     114         05:39
07:00     115         06:36
08:00     116         07:51
09:00     117         08:55
10:00     118         09:56

It seems strange that the number of alerts is incrementing by one each hour. I went back further in the emails and it seems to increment to 186 and then start over at 97.