So I have Nagios as well OSSEC on the same system and because OSSEC is set to check /var/log/messages I inadvertently receive email if Nagios cant connect/check the remote hosts for whatever reason.
Like so Receive From : XXXXXX-> /var/log/messages Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of log(s): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX How would i go about changing the level for /var/log/message so its only send mail when a higher alert is logged, or is there a different solution entirely to prevent OSSEC alerting about Nagios.
