http://www.ossec.net/doc/syntax/head_ossec_config.syslog_output.html

Put the following inside of the <syslog_output> section:

<level>10</level>

On Mon, Jun 6, 2011 at 7:48 AM, Walker, Barry <barry.wal...@lids.com> wrote:
> Can I set up the output of syslog to send only alert level 10 and above?
> Below is what I have so far. The first syslog server is Splunk and the
> second syslog server is Orion. Currently the email alerts are set at 10.
>
> <syslog_output>
>   <server>172.25.1.150</server>
>   <port>10002</port>
> </syslog_output>
>
> <syslog_output>
>   <server>172.25.1.87</server>
> </syslog_output>
>
> <alerts>
>   <log_alert_level>1</log_alert_level>
>   <email_alert_level>10</email_alert_level>
> </alerts>
>
> The Orion server is seeing all of our syslog information (example below).
> The purpose is to set up the Orion server to perform the email notification for
> all devices such as point-of-sale terminals, switches, routers, etc.
>
> BW
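
An added example, not part of the original thread and not OSSEC project code: a small Python check that reads an ossec.conf and reports the lowest alert level each <syslog_output> destination will receive, so a destination left without <level> stands out. The function names, the embedded sample (the quoted configuration with <level>10</level> added to the second server only), and the defaults of port 514 and log_alert_level 1 are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the configuration quoted in the thread, with
# <level>10</level> added to the second destination only.
SAMPLE_CONF = """
<ossec_config>
  <syslog_output>
    <server>172.25.1.150</server>
    <port>10002</port>
  </syslog_output>
  <syslog_output>
    <server>172.25.1.87</server>
    <level>10</level>
  </syslog_output>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>10</email_alert_level>
  </alerts>
</ossec_config>
"""

def syslog_thresholds(conf_text):
    """Return [(server, port, lowest_level_forwarded)] per syslog_output."""
    # ossec.conf may hold several <ossec_config> blocks, which is not a single
    # XML document, so wrap the text in a synthetic root before parsing.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    # Assumption: log_alert_level defaults to 1 when it is not set.
    floor = int(root.findtext(".//alerts/log_alert_level", default="1"))
    results = []
    for out in root.iter("syslog_output"):
        server = (out.findtext("server") or "").strip()
        # Assumption: a destination without <port> uses the syslog default, 514.
        port = int(out.findtext("port", default="514"))
        level = out.findtext("level")
        # Nothing below log_alert_level becomes an alert, so it bounds <level>.
        effective = max(floor, int(level)) if level is not None else floor
        results.append((server, port, effective))
    return results

def unfiltered(conf_text, wanted=10):
    """Servers that would still receive alerts below the wanted level."""
    return [s for s, _, eff in syslog_thresholds(conf_text) if eff < wanted]

if __name__ == "__main__":
    for server, port, eff in syslog_thresholds(SAMPLE_CONF):
        print(f"{server}:{port} receives alerts at level >= {eff}")
```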