[ossec-dev] Re: Redirecting alerts to different recipients

[paul sery <pgsery@xxxxxxxx>]

Hi Daniel,

That's a great new capability, but unless I can assign arbitrary groups 
to arbitrary recipients it's not quite what I need. Let's say Alice 
manages machine A and Bob manages  B, then Alice needs to get A's alert 
messages and Bob gets B's; or if Bob manages both A & B, then Alice 
still gets A's but Bob gets A & B's.

Thanks,
Paul

Daniel Cid wrote:
> Hi Paul,
>
> Is that what you are looking for (granular e-mail alerting)?
>
> http://www.ossec.net/dcid/?p=75
>
> Hope it helps.
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On 5/6/07, paul sery <pgsery@xxxxxxxx> wrote:
> > Hey,
> >
> >   I want to direct ossec alerts to the person managing the machine on
> > which it occurred. I'm managing a central logging system and am feeding
> > its event stream into an ossec instance. I've cobbled together a simple
> > active-response script that uses the IP parameter to send the alert ID
> > to the appropriate person, but also would also like to send the log
> > messages that triggered the alert -- like you get in the e-mail alerts.
> > Is there any way of getting that info to the active-response mechanism?
> > Or perhaps I'm missing an obvious way to do the distribution.
> >
> > Thanks,
> > Paul