maldet will never send slack notifications in monitor mode. #387
Comments
|
Dang, thanks for this. I was wondering what broke my notifications. Guess I'll have a manual cron job stop monitor before my full scan |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If we are running in monitor mode, then the daily crontab will simply call 'maldet --monitor-report', this calls genalert in digest mode instead of file mode.
The scan function calls genalert in file mode, but that function doesn't get used by monitor mode.
The trap function calls genalert in file mode, but only if svc is a, r, or f, and for monitor mode it is m.
As such, though it is not documented as such, using monitor mode prevents all slack alerts from being generated.
Would a pull request to add slack notification support to record_hit be accepted? Alternatively, what about one to allow some form of custom command hooks for record_hit and genalert?
The text was updated successfully, but these errors were encountered: