[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] email questions

Subject: [Ossec-list] email questions
From: ossec-list at ossec.net (OSSEC HIDS Maillist)
Date: Tue, 6 Dec 2005 16:38:23 -0500

Hello,

     I have a question about the emailing of log files.  OSSEC runs
fine, when it detects a problem/issue it will fire off an email.

When there are multiple issues, within the timeframe it all gets sent
as one email.

I get an email like this:

  OSSEC HIDS Notification - Alert level 7

Authenication failure trap
.......
Bad su
.........
Rule: 15 fired (level 4) -> "Rootkit detection engine message"


Here are the problems I have with that:

1.)  I don't understand the timeframe system checks are made

2.)  The email subject was OSSEC HIDS Notification - Alert level 7,
this was not the case for everything in the email though.

is there a way to tweak the time it takes for email to be sent?  Can
we have it fire off email, for each seperate event??  The email with
multiple problems is really not good for me.

Thanks,
Jim

Follow-Ups:
- [Ossec-list] email questions
  - From: OSSEC HIDS Maillist

Next by Date: [Ossec-list] email questions
Next by thread: [Ossec-list] email questions
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.