This was a little unclear to me after reading the documenation and 
searching around...pardon if it's been asked and answered, I simply have 
not found it.

We have a single server we want to send syslog output to, however, we also 
want to have different levels for some alerts.   Would it be as simple as 
two syslog_output sections, such as below, or would this create duplicate 
alerts, take the last syslog_output section, or can it be done in a single 
section?   

<syslog_output>
    <level>8</level>
    <sever>192.168.0.5</server>
</syslog_ouptut>

<syslog_output>
    <level>4</level>
    <group>invalid_login|adduser|blah|andsoon</group>
    <sever>192.168.0.5</server>
</syslog_ouptut>
   

Thanks!
Bob


-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to