Alerts to a single E-Mail Address

To send notifications to a single address, three items need to be set up in ossec.conf.

Global E-Mail address destination

The destination email address and mail host should be configured inside the <global> section of /var/ossec/etc/ossec.conf.

<ossec_config>
    <global>
        <email_notification>yes</email_notification>
        <email_to>me@example.com</email_to>
        <smtp_server>mx.example.com</smtp_server>
        <email_from>ossec@example.com</email_from>
    </global>
</ossec_config>

Full details on all the options are available at ossec.conf: Global options

Note

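If the smtp_server entry contains a hostname, /etc/resolv.conf will probably have to be copied to OSSEC’s etc directory (/var/ossec/etc by default). OSSEC’s mail process runs chrooted under the installation directory, so it cannot read the system copy when it resolves the name.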

Set the alert levels that will send notifications

The minimum email_alert_level can be set inside the <alerts> section of the /var/ossec/etc/ossec.conf file.

<ossec_config>
    <alerts>
        <email_alert_level>10</email_alert_level>
    </alerts>
</ossec_config>

Full details on all the options are available at ossec.conf: Alerts Options

Restart OSSEC to complete the changes

OSSEC needs to be restarted for the change to take effect.

# /var/ossec/bin/ossec-control restart
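
Before restarting, the three settings above can be sanity-checked with a short script. This is an added example, not part of OSSEC or of the original page: the function name check_email_config and the sample configuration (built with a deliberately malformed hostname) are constructed for illustration, and the check covers only the options discussed here.

```python
import ipaddress
import os
import xml.etree.ElementTree as ET

def check_email_config(conf_text, ossec_dir="/var/ossec"):
    """Return a list of problems found in the e-mail settings of ossec.conf text."""
    # ossec.conf may contain several <ossec_config> blocks; wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    def get(path):
        # Simplification: only the first occurrence of an option is inspected.
        text = root.findtext("./ossec_config/" + path)
        return text.strip() if text and text.strip() else None

    problems = []
    if get("global/email_notification") != "yes":
        problems.append("email_notification is not 'yes'")
    for name in ("email_to", "smtp_server", "email_from"):
        if get("global/" + name) is None:
            problems.append("missing <%s> in <global>" % name)
    server = get("global/smtp_server")
    if server:
        try:
            ipaddress.ip_address(server)  # a literal IP needs no resolver
        except ValueError:
            # Hostname: allow one trailing dot (FQDN), reject empty labels.
            host = server[:-1] if server.endswith(".") else server
            if "" in host.split("."):
                problems.append("smtp_server hostname has an empty label: " + server)
            if not os.path.isfile(os.path.join(ossec_dir, "etc", "resolv.conf")):
                problems.append("smtp_server is a hostname but etc/resolv.conf is missing")
    level = get("alerts/email_alert_level")
    # OSSEC alert levels go up to 16.
    if level is not None and not (level.isdigit() and 1 <= int(level) <= 16):
        problems.append("email_alert_level must be an integer from 1 to 16")
    return problems

# Constructed sample: two <ossec_config> blocks, hostname deliberately malformed.
SAMPLE = """<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>me@example.com</email_to>
    <smtp_server>mx.example.com..</smtp_server>
    <email_from>ossec@example.com</email_from>
  </global>
</ossec_config>
<ossec_config>
  <alerts><email_alert_level>10</email_alert_level></alerts>
</ossec_config>"""

if __name__ == "__main__":
    print("\n".join(check_email_config(SAMPLE)) or "e-mail settings look consistent")
```

To check a live installation, pass the contents of /var/ossec/etc/ossec.conf as conf_text; an empty list means the e-mail settings covered here are consistent.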