Hi, I have a problem with syslog alerts.
I wrote this line in the config for mailing integrity changes.
<alerts>
<email_alert_level>11</email_alert_level>
</alerts>
But it sends all alerts to mail.
What must I also change for this?
Hi,
I'm trying to get 'Rule 10' below setup so it will alert me to when the
'EventLog' service has stopped. To do this I'm looking at using the event
ID 6006, then matching the event log text to the string 'INFORMATION(6006)'
but this does not seem to work.
This method has worked for
On Wed, Sep 3, 2014 at 5:32 AM, richard osborn rosborniis...@gmail.com wrote:
Hi,
I'm trying to get 'Rule 10' below setup so it will alert me to when the
'EventLog' service has stopped. To do this I'm looking at using the event ID
6006, then matching the event log text to the string
On Wed, Sep 3, 2014 at 9:04 AM, richard osborn rosborniis...@gmail.com wrote:
Yes, I have tried the id tags and they don't seem to pick up any event ID
'6006' or '104'.
Ok, well that's pretty much the limit of what I can do without log
samples to play around with. Good luck!
On Wednesday,
Here's a snippet of the log that I'm trying to pick up, if this is of any
use?
Log Name: System
Source:EventLog
Date: 02/09/2014 09:24:56
Event ID: 6006
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer:
On Wed, Sep 3, 2014 at 9:19 AM, richard osborn rosborniis...@gmail.com wrote:
Here's a snippet of the log that I'm trying to pick up, if this is of any
use?
Log Name: System
Source:EventLog
Date: 02/09/2014 09:24:56
Event ID: 6006
Task Category: None
Level:
The rules that are firing have a specific tag that overrules the default
email alert level. Look them up in the rules files.
Hi All,
I (still) have a fairly default install. Looking at the config-ed level for
mail notifications I have only this configured:
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>7</email_alert_level>
</alerts>
Besides this I have a global part configured just to be able to
Afternoon all, I am reading my .pdf chapters and have my server setup,
active responses humming along and now introduced my 1st agent. Docs
were spot on, so he was up rather quickly, this guy is an apache server,
and it's testing some new code, so as I roll out OSSEC to more servers, I
hit
- Original Message -
h
On Wed, Aug 8, 2012 at 3:39 PM, p...@biciunas.com
You restarted the OSSEC processes after setting it to that?
Can you check the maillog on the mail server to see if the email is
attempted to be delivered? You could try running the OSSEC processes
on the
On Thu, Aug 9, 2012 at 8:18 AM, p...@biciunas.com
paul.biciu...@comcast.net wrote:
- Original Message -
h
On Wed, Aug 8, 2012 at 3:39 PM, p...@biciunas.com
You restarted the OSSEC processes after setting it to that?
Can you check the maillog on the mail server to see if the email
In my ossec.conf, the alert element has email_alert_level set to 7 and
the log_alert_level set to 1 and I have enabled emailing during
setup.
The problem is I'm getting email alerts for levels which are less than
7 also. Is there any additional configuration which we need to pass?
I went through
Check the rules with level less than 7. Some rules have an option turned on
to always send emails.
On Sep 28, 2011 4:32 AM, AlgoBoy manjun...@chronus.com wrote:
In my ossec.conf, the alert element has email_alert_level set to 7 and
the log_alert_level set to 1 and I have enabled emailing during
Hi Dan,
On Mon, Jun 13, 2011 at 8:53 AM, 2secureit 2secur...@gmail.com wrote:
<rule id="514" level="2" overwrite="yes">
<if_sid>510</if_sid>
<match>^Application Found</match>
<options>alert_by_email</options>
<description>Windows application monitor event.</description>
<group>rootcheck,</group>
<rule id="514" level="2" overwrite="yes">
<if_sid>510</if_sid>
<match>^Application Found</match>
<options>alert_by_email</options>
<description>Windows application monitor event.</description>
<group>rootcheck,</group>
</rule>
This is in my local rules and has not sent an email, however if I look
at
Hi Moazami,
On Thu, Apr 28, 2011 at 10:58 AM, moazami lmshari...@yahoo.com wrote:
Hi dan,
Are the emails being rejected?
I receive this error in log file:
2011/03/01 13:56:59 ossec-maild(1223): ERROR: Error Sending email to
67.28.113.19 (smtp server)
You'll have to find out why the smtp
Hi dan,
Are the emails being rejected?
I receive this error in log file:
2011/03/01 13:56:59 ossec-maild(1223): ERROR: Error Sending email to
67.28.113.19 (smtp server)
Are the alerts being triggered high enough level to be emailed out?
yes.
How do you have it configured?
I configured in
Hi dan,
Are the emails being rejected?
I receive this error in log file:
2011/03/01 13:56:59 ossec-maild(1223): ERROR: Error Sending email to
67.28.113.19 (smtp server)
Are the alerts
Hi moazami,
On Sun, Apr 24, 2011 at 4:22 PM, moazami lmshari...@yahoo.com wrote:
I am a beginner to ossec.
Are email alerts for server type only or are they for local type too?
It should work for both server and local.
Why do alerts log for me but don't email to me? Can I place email address, my
On 24/04/2011 22:22, moazami wrote:
I am a beginner to ossec.
Are email alerts for server type only or are they for local type too?
Why do alerts log for me but don't email to me? Can I place email
address, my gmail address, and smtp server be gmail smtp server?
thanks a lot.
Hello,
ossec can
I am a beginner to ossec.
Are email alerts for server type only or are they for local type too?
Why do alerts log for me but don't email to me? Can I place email address, my
gmail address, and smtp server be gmail smtp server?
thanks a lot.
I can't seem to find in the documentation anywhere about the ability to
email when Active Response executes a block on IP or when it would drop it.
I know you can see the block message in the Active Response log, so is there
a way to email those messages as well? Maybe I'm missing something or
Hi James,
On Tue, Feb 8, 2011 at 2:07 PM, James Ford james0...@gmail.com wrote:
I can't seem to find in the documentation anywhere about the ability to
email when Active Response executes a block on IP or when it would drop it.
I know you can see the block message in the Active Response log,
Makes sense...just wanted to make sure there wasn't an easier way already
built into ossec that I'd just need to modify the ossec.conf file to
initiate. Thanks for the quick response!
On Tue, Feb 8, 2011 at 11:51 AM, dan (ddp) ddp...@gmail.com wrote:
Hi James,
On Tue, Feb 8, 2011 at 2:07 PM,
I have set the granular email alert options to only send email for alert
2 (or at least that's what I'm trying to do).
Could somebody please point out what I'm missing as I keep getting
level 2 email alerts.
Thanks
-- config snippet -
<global>
Hi All,
We get tons of email alerts from specific agents for the same rules
where the behavior is expected. The events the alert is being sent for
are a non-issue, so we're looking for a way to keep the alerts from being
sent only from the agent in question.
We don't want to disable the
26 matches