
[ossec-list] Re: Separate email_to addresses per agent?



Hey!!, the pager idea is great!!!

Daniel, how can we help to get this feature?

Cheers!

On 2/25/07, Daniel Cid < daniel.cid@xxxxxxxxx> wrote:

Hi Michael,

Reply inline.

On 2/24/07, Michael Starks < ossec@xxxxxxxxxxxxxxxxx> wrote:
>
> Are multiple <e-mail_alerts> tags supported?  For example, can I send it
> to two addresses if greater than level 10?

Yes, you can have as many email_alerts tags as you wish.


> Similar to above, are multiple locations supported?  So, can I have
> alerts for 10 hosts sent to two addresses if they are greater than level
> 10?  How about wildcards within a tag?

Yes, the same applies for locations. You can have as many entries as
you want. We use the os_match library for the event_location, so the
following options are supported:
http://www.ossec.net/wiki/index.php/Know_How:Regex_Readme


> Two other things which would make this useful are a "short version" for
> pagers, and more granularity (by rule ID, time, etc).  I might, for
> example, want alerts that are greater than level ten to go to pager one
> for a set of ten hosts, and pager 2 for another set of 10, but only on
> weekdays after five and on weekends.  The short version of the alert
> could have enough info in the subject to determine the criticality.
>
> I know this is asking a lot but I see that as being integral to incident
> response.  Only bug me on weekends if it's a big problem, and if I'm
> likely sleeping, it had better be a real big problem! :)


We will keep this in mind for the next version... One feature at a time :)

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net
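
The setup discussed in this thread, written out as an ossec.conf fragment. This is an added example, not part of the original messages or the project's own documentation; the agent names and addresses are constructed, and it assumes global e-mail notification is already configured elsewhere in ossec.conf.

```xml
<ossec_config>
  <!-- Constructed example: agent names (web01, db01, ...) and
       addresses are placeholders, not values from the thread. -->

  <!-- Level 10+ alerts from the first host group go to two
       addresses. Each recipient gets its own email_alerts block;
       the thread confirms any number of blocks is allowed. -->
  <email_alerts>
    <email_to>oncall-a@example.com</email_to>
    <!-- os_match pattern: "|" separates alternatives -->
    <event_location>web01|web02|web03</event_location>
    <level>10</level>
  </email_alerts>

  <email_alerts>
    <email_to>secteam@example.com</email_to>
    <event_location>web01|web02|web03</event_location>
    <level>10</level>
  </email_alerts>

  <!-- A second host group routed to a different recipient at the
       same severity threshold. -->
  <email_alerts>
    <email_to>oncall-b@example.com</email_to>
    <event_location>db01|db02</event_location>
    <level>10</level>
  </email_alerts>
</ossec_config>
```

Because event_location is matched with os_match, a short pattern such as `web0` would also match any other location string containing that text, so keep patterns specific enough that alerts from unrelated agents are not routed to the wrong recipient.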




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.