On Fri, Jan 13, 2017 at 10:26 AM, Joel <jbro...@oddelement.com> wrote:
> Hi all,
> I've been using osssec for a while now and I really like it.
> I'm now trying to integrate ossec with a monitoring application. I'd like
> to have ossec send Alerts to a remote host via syslog.
> I have it all working, with one exception. It looks like ossec forwards ALL
> events as local0.warning.
> is this configurable? is there a way to change it?
> what I'd really love is a way to set an Alert level to a specific facility /
> severity so that the monitoring system can handle different events
> differently without having to do much parsing of the message contents.
> Does anyone have any tips or pointers?
There's no configuration to change that, you'll have to modify the source code.
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.