Hi all,

I would like to forward only some of OSSEC's alerts via syslog to a commercial SIEM device, e.g., rootcheck and syscheck events; however, I have only found documentation on filtering syslog output by alert level.

Would there be a creative way, using local rules perhaps, to filter only certain groups of alerts to forward by syslog? Or maybe this is a feature request for D. Cid? ;-)

Thanks,
Alessandro
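For reference, the kind of configuration the question is looking for. This is an added example, not part of the original post and not taken from OSSEC's documentation; it assumes an OSSEC version whose `<syslog_output>` block accepts a `<group>` filter in addition to `<level>` (check your release's `ossec.conf` reference before relying on it). The SIEM address 10.0.0.5 and port 514 are placeholders.

```xml
<!-- ossec.conf fragment (added example; verify <group> support in your OSSEC version) -->
<ossec_config>
  <!-- Weak setting: forwards everything from level 7 upward, regardless of group -->
  <!--
  <syslog_output>
    <server>10.0.0.5</server>
    <port>514</port>
    <level>7</level>
  </syslog_output>
  -->

  <!-- Narrowed setting: one output block per alert group to forward.
       Only alerts tagged with the syscheck group are sent by this block. -->
  <syslog_output>
    <server>10.0.0.5</server>   <!-- placeholder SIEM collector -->
    <port>514</port>
    <group>syscheck</group>
  </syslog_output>

  <!-- Second block for rootcheck alerts; other groups are never forwarded. -->
  <syslog_output>
    <server>10.0.0.5</server>
    <port>514</port>
    <group>rootcheck</group>
  </syslog_output>
</ossec_config>
```

After editing, enable the client-syslog process with `/var/ossec/bin/ossec-control enable client-syslog` and restart OSSEC; then confirm on the collector that only syscheck and rootcheck events arrive. If your version ignores `<group>`, the alternative hinted at in the post (a `local_rules.xml` rule with `overwrite="yes"` that raises the level of the chosen rules above a `<level>` threshold) still works, at the cost of also changing how those alerts are logged locally.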