I have OSSEC HIDS (2.8.3) installed (I have it set up as a local installation) and set up so that it sends me email alerts for the various alert levels. The only problem is with level 2 alerts, which are normally nothing of importance and just spam my inbox.

So I was wondering if there is any way of stopping it from sending me level 2 alerts, so that it sends me all the others but just not those? (I am looking for something which I can configure in the OSSEC HIDS settings; I don't want just a sort of external hack which filters the emails it sends me or something, because that could run the risk of it filtering out other alert levels too.)

1 Answer

Say, for example, you want to get only alerts greater than 8; you can filter for that by adding the snippet below to your server's ossec.conf file:

-email_alerts-
-level-8-/level-
-/email_alerts-

Not sure why I couldn't use <> symbols; use <> instead of - for the opening and closing brackets. This will help to trigger alerts of levels 8 and 8+.
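Added example, not part of the question or the answer above: a small audit script that reads an ossec.conf and a rules file and reports the global email threshold, any per-recipient `<email_alerts>` levels, and low-level rules that would still be mailed. It assumes OSSEC's documented `<alerts><email_alert_level>` setting and the `alert_by_email` rule option; the configuration, rule IDs and addresses are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample ossec.conf (addresses are placeholders).
OSSEC_CONF = """<ossec_config>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>3</email_alert_level>
  </alerts>
  <email_alerts>
    <email_to>oncall@example.com</email_to>
    <level>8</level>
  </email_alerts>
</ossec_config>"""

# Constructed sample rules; the IDs are hypothetical local-rule IDs.
RULES = """<group name="local,">
  <rule id="100200" level="2">
    <match>error</match>
    <options>alert_by_email</options>
    <description>Constructed: low level, but forces an email</description>
  </rule>
  <rule id="100201" level="2">
    <match>notice</match>
    <description>Constructed: low level, no email option</description>
  </rule>
  <rule id="100202" level="10">
    <match>denied</match>
    <description>Constructed: above the threshold anyway</description>
  </rule>
</group>"""

def email_threshold(conf_xml):
    """Global minimum level for email; 7 is OSSEC's documented default."""
    return int(ET.fromstring(conf_xml).findtext("./alerts/email_alert_level", "7"))

def granular_recipients(conf_xml):
    """Map each <email_alerts> recipient to its own minimum level."""
    blocks = ET.fromstring(conf_xml).findall("./email_alerts")
    return {b.findtext("email_to"): int(b.findtext("level", "0")) for b in blocks}

def rules_emailed_below(rules_xml, threshold):
    """Rules under the threshold that still email via alert_by_email."""
    hits = []
    for rule in ET.fromstring(rules_xml).iter("rule"):
        opts = {o.strip() for n in rule.findall("options") for o in (n.text or "").split(",")}
        if int(rule.get("level")) < threshold and "alert_by_email" in opts:
            hits.append((rule.get("id"), int(rule.get("level"))))
    return hits
```
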
