OSSEC Notification Settings

OSSEC_NOTIFY

  • Whether OSSEC sends alert notifications by email. [Default: yes]

OSSEC_EMAIL

  • Email address to which all OSSEC alert notifications are sent.

OSSEC_SMTP_SERVER

  • SMTP server used to send OSSEC alert notifications.

OSSEC_FROM

  • From: line used for OSSEC alert notifications.

HIDS_EMAIL_ALERT_LEVEL

  • The minimum level an alert must reach to trigger an email. Some events below this level are still sent, for example 1002, which is the suspicious event alert. You can disable specific overrides in the rule manager. [Default: 7]

OSSEC_MAX_MSG

  • Maximum number of email messages OSSEC will send per hour. Multiple alerts will be sent in digest mode (a single email). The value must be between 1 and 9999; any number outside this range will cause the maild service to fail.
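
A pre-flight check for the settings above, so that a bad OSSEC_MAX_MSG is caught before maild fails and alert mail silently stops. This is an added example, not part of the product; the KEY="value" line layout, the yes/no values for OSSEC_NOTIFY, the function names and the sample values are assumptions.

```python
import re

# Constructed sample settings; the KEY="value" layout is an assumption.
SAMPLE = '''\
OSSEC_NOTIFY="yes"
OSSEC_EMAIL="soc@example.org"
OSSEC_SMTP_SERVER="mail.example.org"
OSSEC_FROM="ossec@example.org"
HIDS_EMAIL_ALERT_LEVEL="7"
OSSEC_MAX_MSG="12000"
'''

# KEY=value or KEY="value", with an optional trailing # comment.
LINE = re.compile(r'^\s*([A-Z_]+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')


def parse_settings(text):
    """Return {name: value} for every KEY=value line, skipping other lines."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def check_notification_settings(settings):
    """Return a list of problems; an empty list means the settings are usable."""
    problems = []
    notify = settings.get("OSSEC_NOTIFY", "yes").lower()  # documented default: yes
    if notify not in ("yes", "no"):
        problems.append("OSSEC_NOTIFY must be yes or no")
    if notify == "yes":  # mail is on, so the three mail fields must be set
        for key in ("OSSEC_EMAIL", "OSSEC_SMTP_SERVER", "OSSEC_FROM"):
            if not settings.get(key):
                problems.append(f"{key} is empty but OSSEC_NOTIFY is yes")
    level = settings.get("HIDS_EMAIL_ALERT_LEVEL", "7")  # documented default: 7
    if not (level.isascii() and level.isdigit()):
        problems.append("HIDS_EMAIL_ALERT_LEVEL must be a whole number")
    max_msg = settings.get("OSSEC_MAX_MSG")  # no default is documented; skip if absent
    in_range = max_msg and max_msg.isascii() and max_msg.isdigit() and 1 <= int(max_msg) <= 9999
    if max_msg is not None and not in_range:
        problems.append("OSSEC_MAX_MSG must be 1-9999 or maild will fail")
    return problems


if __name__ == "__main__":
    for problem in check_notification_settings(parse_settings(SAMPLE)):
        print("WARN:", problem)
```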