On Thu, Sep 28, 2017 at 11:45 AM, Ed Killian <edtechnog...@gmail.com> wrote: > I'm running on CentOS 7.3.1611 and using the atomic repo which has > ossec-hids-2.9.2-2082 and ossec-hids-server-2.9.2-2082. > I have done debugging and I'm seeing some things I think are strange. > If the condition I'm testing for has happened in the last 15 to 20 minutes > before the > email is sent, the subject contains the alert message and the body contains > the > alert message along with other alerts. If the condition is more than 25 to > 30 minutes > before the email is sent, the subject will still show the alert, but the > alert message will > not be in the body of the email. Here are some stats from the emails today: >
Basically, the subject and body don't match? > Email Number Earliest reported > Arrived of alerts alert > 01:00 109 00:36 > 02:00 110 01:37 > 03:00 111 02:34 > 04:00 112 03:39 > 05:00 113 04:34 > 06:00 114 05:39 > 07:00 115 06:36 > 08:00 116 07:51 > 09:00 117 08:55 > 10:00 118 09:56 > > It seems strange that the number of alerts is incrementing by one each hour. > I went back further in the emails and it seems to increment to 186 and then > start over at 97. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
