Atomic Secure Linux
All times are UTC - 5 hours [ DST ]




 Post subject: email_alert_level setting ignored
Posted: Sat Dec 19, 2020 1:26 pm
New Forum User

Joined: Sat Dec 19, 2020 1:16 pm
Posts: 2
Location: US
New install of ossec server on Debian 10, clients on Debian and CentOS hosts.
Contents of /etc/ossec-init.conf:
DIRECTORY="/var/ossec"
VERSION="v3.6.0"
DATE="Mon Sep 14 18:34:57 UTC 2020"
TYPE="server"

I set the alerts thusly, and restarted ossec:
# grep alert ossec.conf
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>10</email_alert_level>
</alerts>

But I'm still getting emails for events of level 2, 3, etc., which I thought would be inhibited by the value of this parameter.

What am I missing?


 Post subject: Re: email_alert_level setting ignored
Posted: Mon Dec 21, 2020 9:40 am
Atomicorp Staff - Site Admin

Joined: Fri Oct 09, 2020 9:41 am
Posts: 5
Good morning!

<log_alert_level>1</log_alert_level>

The value entered here will allow alerts from any events level 1 or higher. If you only want level 7 or higher, you would set <log_alert_level>7</log_alert_level>

https://www.ossec.net/docs/docs/syntax/ ... lert_level


 Post subject: Re: email_alert_level setting ignored
Posted: Mon Dec 21, 2020 12:14 pm
New Forum User

Joined: Sat Dec 19, 2020 1:16 pm
Posts: 2
Location: US
cponton wrote:
Good morning!

<log_alert_level>1</log_alert_level>

The value entered here will allow alerts from any events level 1 or higher. If you only want level 7 or higher, you would set <log_alert_level>7</log_alert_level>

https://www.ossec.net/docs/docs/syntax/ ... lert_level

Thank you for the sanity check. This seems counter-intuitive, but I'll try it.

Now I'm wondering exactly what the email_alert_level parameter is for....


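What the two settings in this thread control, as an added example that is not part of any post or of OSSEC itself: per the OSSEC documentation, log_alert_level is the minimum level written to the alerts log, email_alert_level is the minimum level mailed, and a rule carrying <options>alert_by_email</options> is mailed regardless of email_alert_level. The Python sketch below applies that to the <alerts> block from the first post and to constructed sample rules with hypothetical IDs; the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# The <alerts> block from the first post (sample input for this example).
OSSEC_CONF = """
<alerts>
  <log_alert_level>1</log_alert_level>
  <email_alert_level>10</email_alert_level>
</alerts>
"""

# Constructed sample rules; the IDs are hypothetical.
RULES = """
<group name="local,">
  <rule id="100001" level="2">
    <match>core_dumped|failure</match>
    <options>alert_by_email</options>
  </rule>
  <rule id="100002" level="3">
    <match>session opened</match>
  </rule>
  <rule id="100003" level="12">
    <match>segfault</match>
  </rule>
</group>
"""

def _parse(text):
    # OSSEC files may hold several top-level elements, so wrap them in one root.
    return ET.fromstring("<root>" + text + "</root>")

def alert_levels(conf_text):
    """Return (log_alert_level, email_alert_level); OSSEC defaults are 1 and 7."""
    alerts = _parse(conf_text).find(".//alerts")
    def get(tag, default):
        node = alerts.find(tag) if alerts is not None else None
        return int(node.text) if node is not None else default
    return get("log_alert_level", 1), get("email_alert_level", 7)

def mail_outcome(rules_text, email_level):
    """Map rule id -> 'threshold', 'forced' (alert_by_email) or 'none'."""
    out = {}
    for rule in _parse(rules_text).iter("rule"):
        forced = any("alert_by_email" in (o.text or "") for o in rule.findall("options"))
        over = int(rule.get("level")) >= email_level
        out[rule.get("id")] = "threshold" if over else "forced" if forced else "none"
    return out

if __name__ == "__main__":
    log_level, email_level = alert_levels(OSSEC_CONF)
    print(log_level, email_level, mail_outcome(RULES, email_level))
```

Rules reported as "forced" keep sending mail however high email_alert_level is set; stopping that mail means overwriting or ignoring those rules in local rules.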