Any idea?
---------- Forwarded message ---------- From: Martin Tartarelli <[email protected]> Date: 2009/2/13 Subject: OSSEC with one or more Instance To: [email protected] List, I need your helps... OSSEC has the ability to discriminate critical alerts using the Alert Level. Now, what happens when I use a second critical factor in terms of servers? For example... Critical H SRV-PROD1 SRV-PROD2 roule id="1852" with alert level="8" Critical M SRV-DESA1 SRV-DESA2 roule id="1852" with alert level="7" Critical L SRV-RECO1 SRV-TEMP roule id="1852" with alert level="5" What if I want to take the spoils but with a warning alert level different? (because a server is more critical than the other). Can create multiple Instance on the same server? in practice, how can one discriminate xml (with rules) for different servers? Can i do that? (maybe with more instance on the ossec server) ThankĀ“s -- Martin Tartarelli Linux User #476492 --
