Hello, I currently need to have ossec forward the alert to a specific email for a specific event out of the Syslog. In the ossec.conf I added an <email_to> clause with the email and the severity level, but it seems like there is no <match> type of clause to put there so it matches just a specific rule out of syslog. Is it possible to somehow do this through the local_rules file?
Thank you for your help, Artyom
