ospatrol.conf: Granular Email options
Overview
Notes
Global email configuration is necessary to use the granular email options.
Location
All global options must be configured in /var/ospatrol/etc/ospatrol.conf and used within the <ospatrol_config> tag.
XML excerpt to show location:
<ospatrol_config>
  <email_alerts>
    <!--
      Email_alerts options here
    -->
  </email_alerts>
</ospatrol_config>
Options
- email_alerts
- email_to
E-Mail recipients of alerts.
Allowed: Any valid e-mail address
- level
Minimum alerting level to forward the e-mails.
Allowed: Any alert level 0 to 16
Note
level should be set at or above the email_alert_level in the <alerts> section of the configuration.
- group
The alert must match this group to be forwarded.
Allowed: One group or category
- event_location
The alert must match this event location to be forwarded. If multiple <event_location> options are specified, the last will be used.
Allowed: Any single agent name, hostname, IP address, or log file
- format
Specifies the format of the e-mail.
- full: for normal e-mails
- sms: for reduced size suitable for SMS
Default: full
Allowed: full/sms
- rule_id
Option to send granular emails based on rule ID.
Allowed: One or more rule IDs can be used here, separated by a comma and space (", ").
Example:
<rule_id>5701, 5702</rule_id>
- do_not_delay
Option to send the e-mail right away (no delay).
Example:
<do_not_delay />
- do_not_group
Option to not group alerts for this e-mail.
Example:
<do_not_group />
Examples
Example email alerts configurations:
Global Configuration:
<global>
  <email_notification>yes</email_notification>
  <email_to>admin@example.com</email_to>
  <smtp_server>127.0.0.1</smtp_server>
  <email_from>ospatrolm@example.com</email_from>
</global>
Global Configuration with a larger maximum emails per hour:
<global>
  <email_notification>yes</email_notification>
  <email_to>admin@example.com</email_to>
  <smtp_server>127.0.0.1</smtp_server>
  <email_from>ospatrolm@example.com</email_from>
  <email_maxperhour>100</email_maxperhour>
</global>
Granular Email alert: Level 12 and above:
<email_alerts>
  <email_to>other_admin@example.com</email_to>
  <level>12</level>
</email_alerts>
Syscheck alerts to syscheck admin address:
<email_alerts>
  <email_to>syscheck-admin@example.com</email_to>
  <group>syscheck</group>
</email_alerts>
Level 15 alerts from agent007 without delay or grouping:
<email_alerts>
  <email_to>bond@example.com</email_to>
  <event_location>agent007</event_location>
  <level>15</level>
  <do_not_delay />
  <do_not_group />
</email_alerts>
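
The linter below is an added example, not part of the OSPatrol documentation or code base. It checks the constraints stated on this page (global email notification enabled, level within 0 to 16 and not below email_alert_level, only the last event_location being used); the function name and the sample configuration are constructed for illustration, and it assumes the file carries no XML declaration and that "global email configuration" means email_notification set to yes.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from a real deployment).
SAMPLE_CONF = """
<ospatrol_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>admin@example.com</email_to>
    <smtp_server>127.0.0.1</smtp_server>
    <email_from>ospatrolm@example.com</email_from>
  </global>
  <alerts>
    <email_alert_level>7</email_alert_level>
  </alerts>
  <email_alerts>
    <email_to>other_admin@example.com</email_to>
    <level>5</level>
  </email_alerts>
  <email_alerts>
    <email_to>bond@example.com</email_to>
    <event_location>agent007</event_location>
    <event_location>agent008</event_location>
    <level>15</level>
  </email_alerts>
</ospatrol_config>
"""

def lint_email_alerts(conf_text):
    """Return a list of findings for the <email_alerts> blocks in conf_text."""
    # Synthetic root so a file with several <ospatrol_config> blocks still parses.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    findings = []
    notify = root.findtext(".//global/email_notification")
    if (notify or "").strip() != "yes":
        findings.append("global: email_notification is not enabled")
    floor = root.findtext(".//alerts/email_alert_level")
    for n, block in enumerate(root.iter("email_alerts"), start=1):
        if not (block.findtext("email_to") or "").strip():
            findings.append(f"block {n}: no email_to")
        level = block.findtext("level")
        if level is not None and not 0 <= int(level) <= 16:
            findings.append(f"block {n}: level {int(level)} outside 0-16")
        elif level is not None and floor is not None and int(level) < int(floor):
            findings.append(f"block {n}: level {int(level)} below email_alert_level {int(floor)}")
        locations = [(e.text or "").strip() for e in block.findall("event_location")]
        if len(locations) > 1:
            findings.append(f"block {n}: {len(locations)} event_location entries, only '{locations[-1]}' is used")
    return findings
```

Run it against a copy of ospatrol.conf before restarting the service; an empty list means none of these checks fired.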