I configured OSSEC and it works almost as expected.
The config contains:
Code:
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>7</email_alert_level>
</alerts>
Kind regards
Tonny
Code:
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Code:
<rule id="1002" level="2">
<pcre2>$BAD_WORDS</pcre2>
<options>alert_by_email</options>
<description>Unknown problem somewhere in the system.</description>
</rule>
Code:
<options>alert_by_email</options>
Code:
core_dumped|failure|error|attack| bad |illegal |denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted
Code:
Aug 23 08:00:21 tech-server nagios: wproc: early_timeout=0; exited_ok=1; wait_status=31488; error_code=0;