I would like to determine the level to set Log Alerts in my OSSEC installation. How was each event assigned a severity level? How have you all decided the level to set your log alerts? I am concerned about logging too many events but missing legitimate security events. Your opinions will help. Thank you.
- [ossec-list] Deciding the Level to Set Log Alerts A-Dubbs
