[ossec-dev] Re: Redirecting alerts to different recipients

[paul sery <pgsery@xxxxxxxx>]

Gustav H Meyer wrote:
> Hi Paul,
>
> On 07/05/2007 00:21, paul sery wrote:
> > Daniel Cid wrote:
> > > Is that what you are looking for (granular e-mail alerting)? 
> > > http://www.ossec.net/dcid/?p=75
> >
> > That's a great new capability, but unless I can assign arbitrary
> > groups to arbitrary recipients it's not quite what I need. Let's
> > say Alice manages machine A and Bob manages  B, then Alice needs
> > to get A's alert messages and Bob gets B's; or if Bob manages both A 
> > & B, then Alice still gets A's but Bob gets A & B's.
>
> I think you can achieve what you're trying to do by letting the alerts 
> go to a local mailing list in stead of to one or more specific 
> individual's e-mail address. Then you can add and remove members from 
> the mailing list as much as you like without affecting the ossec 
> configs. And the nice thing about a mailing list (e.g.: mailman) is 
> that you can let it archive all alerts for reference purposes.
>
> Regards,
> Gustav
That sounds like a reasonable way of doing it. Thanks.

-Paul