This was a little unclear to me after reading the documenation and searching around...pardon if it's been asked and answered, I simply have not found it.
We have a single server we want to send syslog output to, however, we also want to have different levels for some alerts. Would it be as simple as two syslog_output sections, such as below, or would this create duplicate alerts, take the last syslog_output section, or can it be done in a single section? <syslog_output> <level>8</level> <sever>192.168.0.5</server> </syslog_ouptut> <syslog_output> <level>4</level> <group>invalid_login|adduser|blah|andsoon</group> <sever>192.168.0.5</server> </syslog_ouptut> Thanks! Bob -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.