Portion of the log
38 views
Skip to first unread message
Mikayel Mikayelyan
Jul 31, 2025, 9:03:07 AM7/31/25
to Wazuh | Mailing List
Hello everyone ,
In Wazuh, , I receive the entire gray log in the notification via email. How can I make it so that I only receive the Description? I dont whant receive the log(s) section.
In Wazuh, , I receive the entire gray log in the notification via email. How can I make it so that I only receive the Description? I dont whant receive the log(s) section.
Carlos Ezequiel Bordon
Jul 31, 2025, 11:34:53 AM7/31/25
to Wazuh | Mailing List
Hello, you can use the SMS format option, which is more compact: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/email-alerts.html#format
This is an example where, in the glanular rule, you set the format to be SMS. In this case the filter is that all rules with an alert level greater than 7 will be sent to the general recipient [sec...@hotmail.com](mailto:sec...@hotmail.com) and to the specific recipients [coxol...@bulmp3.com](mailto:coxol...@bulmp3.com) [filti...@gufum.com](mailto:filti...@gufum.com) and will be sent in SMS format only to these last two. The first is sent with the default format which is full_log. The other two will only send the subject and body because they are in SMS format.
```
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>yes</email_notification>
<smtp_server>localhost</smtp_server>
<email_from>sen...@gmail.com</email_from>
<email_to>sec...@hotmail.com</email_to>
<email_maxperhour>120</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>10m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
</global>
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>7</email_alert_level>
</alerts>
<email_alerts>
<email_to>coxol...@bulmp3.com</email_to>
<email_to>filti...@gufum.com</email_to>
<format>sms</format>
<level>7</level>
<do_not_delay/>
</email_alerts>
```
This is an example where, in the glanular rule, you set the format to be SMS. In this case the filter is that all rules with an alert level greater than 7 will be sent to the general recipient [sec...@hotmail.com](mailto:sec...@hotmail.com) and to the specific recipients [coxol...@bulmp3.com](mailto:coxol...@bulmp3.com) [filti...@gufum.com](mailto:filti...@gufum.com) and will be sent in SMS format only to these last two. The first is sent with the default format which is full_log. The other two will only send the subject and body because they are in SMS format.
```
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>yes</email_notification>
<smtp_server>localhost</smtp_server>
<email_from>sen...@gmail.com</email_from>
<email_to>sec...@hotmail.com</email_to>
<email_maxperhour>120</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>10m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
</global>
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>7</email_alert_level>
</alerts>
<email_alerts>
<email_to>coxol...@bulmp3.com</email_to>
<email_to>filti...@gufum.com</email_to>
<format>sms</format>
<level>7</level>
<do_not_delay/>
</email_alerts>
```
Mikayel Mikayelyan
Aug 5, 2025, 6:53:52 AM8/5/25
to Wazuh | Mailing List
thank you
Carlos its work
четверг, 31 июля 2025 г. в 08:34:53 UTC-7, Carlos Ezequiel Bordon:
Mikayel Mikayelyan
Aug 5, 2025, 6:53:52 AM8/5/25
to Wazuh | Mailing List
Thanks, Carlos its work
четверг, 31 июля 2025 г. в 08:34:53 UTC-7, Carlos Ezequiel Bordon:
Hello, you can use the SMS format option, which is more compact: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/email-alerts.html#format
Reply all
Reply to author
Forward
0 new messages