I would think you could run an "active" response where instead of doing something typical like slamming down the firewall you could generate your syslog message in the response. Then you have access to each of the pieces and can just send the one(s) you want.
-Walden

--
Walden H Leverich III
Tech Software & BEC - IRBManager
(516) 627-3800 x3051
[email protected]
http://www.TechSoftInc.com
http://www.IRBManager.com

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of C. L. Martinez
Sent: Friday, March 30, 2012 10:09 AM
To: [email protected]
Subject: [ossec-list] Sending description to third party device

Hi all,

I have configured an ossec server to forward data to a third party device via syslog. But instead of forwarding all log data, I would like to forward only the alert description. Is it possible to do this with ossec??

Thanks.
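One way to build the active response suggested in the reply above, as an added example that is not part of the original thread or of OSSEC itself: a script that looks up the triggering alert and forwards only its description. It assumes OSSEC calls the script as `action user srcip alert_id rule_id`, that `alerts.log` sits at its default path with entries laid out like the constructed sample, and that util-linux `logger` is installed; `SYSLOG_HOST` and `ALERTS_LOG` are hypothetical variables.

```shell
#!/bin/sh
# Added example, not OSSEC code: forward only the alert description via syslog.
# Assumed active-response call: <script> action user srcip alert_id rule_id

# Print the description of alert id $1 found in log file $2 ("-" reads stdin).
alert_description() {
    awk -v id="$1" -v q="'" '
        /^\*\* Alert /   { hit = ($3 == (id ":")) }   # header: ** Alert <id>: ...
        hit && /^Rule: / {
            rest = substr($0, index($0, q) + 1)       # text after the opening quote
            print substr(rest, 1, length(rest) - 1)   # drop the closing quote
            exit
        }' "$2"
}

# Send one line over UDP syslog. SYSLOG_HOST is a placeholder to be set locally.
forward_description() {
    logger -n "${SYSLOG_HOST:-syslog.example.invalid}" -P 514 -d -t ossec -- "$1"
}

# Constructed sample entries (not real data) for trying the parser offline.
sample_alerts() {
    cat <<'EOF'
** Alert 1333116540.1001: - syslog,sshd,authentication_failed,
2012 Mar 30 10:09:00 host1->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
Mar 30 10:09:00 host1 sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2

** Alert 1333116545.1522: - syslog,errors,
2012 Mar 30 10:09:05 host1->/var/log/messages
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Mar 30 10:09:05 host1 app: error: can't open 'Rule: x' file
EOF
}

# Entry point: runs only when the five active-response arguments are present.
if [ "$#" -ge 5 ] && [ "$1" = "add" ]; then
    desc=$(alert_description "$4" "${ALERTS_LOG:-/var/ossec/logs/alerts/alerts.log}")
    if [ -n "$desc" ]; then
        forward_description "Rule $5: $desc"
    fi
fi
```

Running `sample_alerts | alert_description 1333116540.1001 -` exercises the parser without sending anything; an alert id that is not in the log yields an empty result, and nothing is forwarded.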
