Hi Paul, On 07/05/2007 00:21, paul sery wrote:
Daniel Cid wrote:Is that what you are looking for (granular e-mail alerting)? http://www.ossec.net/dcid/?p=75That's a great new capability, but unless I can assign arbitrary groups to arbitrary recipients it's not quite what I need. Let's say Alice manages machine A and Bob manages B, then Alice needsto get A's alert messages and Bob gets B's; or if Bob manages both A & B, then Alice still gets A's but Bob gets A & B's.
I think you can achieve what you're trying to do by letting the alerts go to a local mailing list in stead of to one or more specific individual's e-mail address. Then you can add and remove members from the mailing list as much as you like without affecting the ossec configs. And the nice thing about a mailing list (e.g.: mailman) is that you can let it archive all alerts for reference purposes.
Regards, Gustav