[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-dev] Redirecting alerts to different recipients

To: ossec-dev@xxxxxxxxx
Subject: [ossec-dev] Redirecting alerts to different recipients
From: paul sery <pgsery@xxxxxxxx>
Date: Sun, 06 May 2007 02:35:01 -0600

Hey,

  I want to direct ossec alerts to the person managing the machine on 
which it occurred. I'm managing a central logging system and am feeding 
its event stream into an ossec instance. I've cobbled together a simple 
active-response script that uses the IP parameter to send the alert ID 
to the appropriate person, but also would also like to send the log 
messages that triggered the alert -- like you get in the e-mail alerts. 
Is there any way of getting that info to the active-response mechanism? 
Or perhaps I'm missing an obvious way to do the distribution.

Thanks,
Paul

Follow-Ups:
- [ossec-dev] Re: Redirecting alerts to different recipients
  - From: Daniel Cid

Prev by Date: [ossec-dev] Re: Possible rootkit false positive for Debian? - Advice
Next by Date: [ossec-dev] Re: Redirecting alerts to different recipients
Previous by thread: [ossec-dev] Re: Possible rootkit false positive for Debian? - Advice
Next by thread: [ossec-dev] Re: Redirecting alerts to different recipients
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.