List, I need your help...
OSSEC has the ability to discriminate critical alerts using the Alert
Level. Now, what happens when I use a second critical factor in terms
of servers?
For example...
Critical H
SRV-PROD1
SRV-PROD2
rule id="1852" with alert level="8"
Critical M
SRV-DESA1
SRV-DESA2
rule id="1852" with alert level="7"
Critical L
SRV-RECO1
SRV-TEMP
rule id="1852" with alert level="5"
What if I want to take the spoils but with a different warning alert
level (because one server is more critical than the other)?
Can I create multiple instances on the same server? In practice, how can
one discriminate XML (with rules) for different servers? Can I do
that? (Maybe with more instances on the OSSEC server.)
Thanks
--
Martin Tartarelli
Linux User #476492