Hi all, I've been using osssec for a while now and I really like it.
I'm now trying to integrate ossec with a monitoring application. I'd like to have ossec send Alerts to a remote host via syslog. I have it all working, with one exception. It looks like ossec forwards ALL events as local0.warning. is this configurable? is there a way to change it? what I'd really love is a way to set an Alert level to a specific facility / severity so that the monitoring system can handle different events differently without having to do much parsing of the message contents. Does anyone have any tips or pointers? thanks! J -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
