I installed ossec with local installation and is working fine. It is sending email alerts fine but seems to be sending the same email over and over for an alert.
For example, an alert email is sent for
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
What I am trying to set up is to send email about this only once. Currently, it keeps sending email about this alert every 6 or 7 minutes.
The issue seems to be that rule 1002 will catch a bunch of cases and getting an alert is fine. But getting the same alert 100 times doesn't seem to make sense. Anyway to fix this?