I have a couple of questions:
1) Is there a way to suppress the body of the OSSEC log so that it doesn't necessarily appear in the email? I'm setting up alerting via SMS, but the long log messages cause the SMS to get cut off.
2) Do the "<alert>" levels in the ossec.conf affect whether emails go out if using the "<email_alert>" option? I have the alert levels set to the default (1=log and 7=email). I was testing out one of the rules and set the alert level to "6" and no emails were sent when it tripped. I changed it to alert level "10" and got an email doing that though. My understanding was that the email_alert option should be independent of the <alert> setting. TIA!