1

I have OSSEC HIDS (2.8.3) installed (I have it set up as a local installation) and set up so that it sends me email alerts for the various alert levels. The only problem is with level 2 alerts which are normally nothing of importance and just spam my inbox.

So I was wondering if there is any way of stopping it from sending me level 2 alerts so that it sends me all the others but just not those? (I am looking for something which I can configure in the OSSEC HIDS settings, I don't want a sort of just external hack which filters the emails it sends me or something because that could run the risk of it filtering out other alert levels too.)

1 Answer

2

Say you want to get only alerts greater than 8; you can filter for that by adding the snippet below to your server's ossec.conf file:

    <email_alerts>
      <level>8</level>
    </email_alerts>

This will help to trigger alerts for levels 8 and 8+.
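
For the case in the question (mail everything except level 2), here is an added example that is not from the answer or from the OSSEC project: the global `<alerts>` threshold shown next to the answer's granular block written out in full. The recipient address is a placeholder, and the fragment assumes the mail settings in `<global>` are already configured.

```xml
<!-- ossec.conf fragment, placed inside <ossec_config> -->

<!-- Global thresholds: an alert must reach email_alert_level to be mailed. -->
<alerts>
  <log_alert_level>1</log_alert_level>      <!-- alerts are still logged from level 1 -->
  <email_alert_level>3</email_alert_level>  <!-- level 2 and below: logged, not mailed -->
</alerts>

<!-- Granular block from the answer: level 8 and above go to this recipient. -->
<email_alerts>
  <email_to>secops@example.com</email_to>   <!-- placeholder address -->
  <level>8</level>
</email_alerts>
```

A rule that carries `<options>alert_by_email</options>` is mailed regardless of `email_alert_level`, so check the rule behind any level 2 message that still arrives after this change.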