I have replaced my original server and installed the new 2.5.1
software.
I have updated all of my Agents to the new version also.
One of the problems that I have always had is that I receive emails
for all alert levels even though the default levels are log level 1
and email alert at 7.
thanks
Here it the applicable configuration entry.
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>7</email_alert_level>
</alerts>
Here is a message that is a level 4, should i not be receiving this
alert?
OSSEC HIDS Notification.
2010 Nov 09 10:20:11
Received From: (it-onecard) xxx.xxx.xxx.xxx ->/var/log/secure
Rule: 10100 fired (level 4) -> "First time user logged in."
Portion of the log(s):
Nov 9 10:20:11 HOSTNAME sshd[14217]: Accepted password for UID from
xxx.xxx.xxx.xxx port 2772 ssh2
--END OF NOTIFICATION
