ossec-hids-2.6/doc/rules.txt has some guidance on this.
On Fri, Jun 29, 2012 at 2:37 PM, A-Dubbs <[email protected]> wrote:
> I would like to determine the level to set Log Alerts in my OSSEC
> installation. How was each event assigned a severity level? How have you all
> decided the level to set your log alerts? I am concerned about logging too
> many events but missing legitimate security events. Your opinions will help.
> Thank you.
