http://ossec-docs.readthedocs.io/en/latest/syntax/head_ossec_config.alerts.html
So if I understand this correctly, based on the default 'alert levels' defined in the ossec.conf file on the Ossec server, I just need to edit individual rule levels in the xml rule files located in /var/ossec/rules/ on my Ossec server, and there's currently only 3 levels that matter. 0 = no alert 1 = display the logs 7 = trigger an email As long as my desired rule definitions are already listed in the rule files located on the Ossec server, I don't need to do anything custom on the agents (clients)? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.