How is this related to this thread? Why did you post this same message multiple times?
On Tue, Aug 21, 2012 at 7:12 AM, Kholidy <hisham.doc...@gmail.com> wrote: > What about the evaluation using a specific attacks. Are there any rules > available online for some kind of attacks like DOS or SQL injection. Is > there any one has evualuated OSSEC against some attacks and get alerts that > explain that there is an attack detected. Right now, we get only alerts > with level numbers without any information about attack name or type. > > > On Saturday, April 14, 2012 11:01:18 AM UTC-7, dan (ddpbsd) wrote: >> >> Syslog severity plays no role in OSSEC. >> >> On Apr 14, 2012 1:58 PM, "ignasr" <ign...@vault13.lt> wrote: >>> >>> Hello all, >>> >>> what should I do if I want OSSEC to send email notifications on >>> severity err and higher of messages, read from a syslog <localfile>? >>> Syslog events from several servers are written to that file. >>> >>> It seams there is no simple way of doing that, because message >>> severity is not saved to a syslog file. >>> >>> Thank you, >>> IgnasR >>> >>> p.s. sorry for a double post. My previous post can be deleted.