[ossec-list] Re: Granular Email Options

["Daniel Cid" <daniel.cid@xxxxxxxxx>]

Hi,

It is currently not the possible. The design we chose is that every
e-mail alert will
go to the main address specified in the global section (the alerts
that should be e-mailed are set in the "email_alert_level" option or
within a specific rule).

>From within these e-mails is that we filter with the granular e-mail
options... So, if in
the granular option you choose to email everything above level 1, it
will in fact only
be e-mailed the ones above "email_alert_level". Does it makes sense?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On 9/17/07, tswmmeejsdad@xxxxxxxxx <tswmmeejsdad@xxxxxxxxx> wrote:
>
> Adding to this discussion, is it possible to have one particular rule
> ID email me at andy@xxxxxxxxxxxx and not email the default email
> address sysadmin@xxxxxxxxxxxx?
>
> I've applied the following rules below to ossec.conf and it's working
> ok but I'm getting two emails - one is sent to sysadminy@xxxxxxxxxxxx
> based on the <global> rules and another sent to my email address based
> on the <email_alerts> rule. I just want rule id 100002 to be sent to
> my personal email address and not the entire sysadmin email address???
> Thanks.
>
>   <global>
>     <email_notification>yes</email_notification>
>     <email_to>sysadmin@xxxxxxxxxxxx</email_to>
>     <smtp_server>mail.mydomain.com</smtp_server>
>     <email_from>ossecm@xxxxxxxxxxxx</email_from>
>   </global>
>
>  <email_alerts>
>    <email_to>andy@xxxxxxxxxxxx</email_to>
>    <rule_id>100002</rule_id>
>    <do_not_delay />
>    <do_not_group />
>  </email_alerts>
>
>   <alerts>
>     <log_alert_level>1</log_alert_level>
>     <email_alert_level>4</email_alert_level>
>   </alerts>
>
>
>
>
>