In my ossec.confg I have the following: <alerts> <log_alert_level>5</log_alert_level> <email_alert_level>8</email_alert_level> </alerts>
This produces an email alert that shows me the event that triggered the alert and then bellow that it show “Portion of the log(s):”. However, from what I can tell the first event shown in the log is the triggering event. All the other lines are events from the master ossec server not the client where the triggering event happened. Is there anyway to get rid of the “Portion of the log(s):” part of the email? Louis -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
