Re: [ossec-list] Deciding the Level to Set Log Alerts
ossec-hids-2.6/doc/rules.txt has some guidance on this. On Fri, Jun 29, 2012 at 2:37 PM, A-Dubbs arlendelcasti...@gmail.com wrote: I would like to determine the level to set Log Alerts in my OSSEC installation. How was each event assigned a severity level? How have you all decided the level to set your log alerts? I am concerned about logging too many events but missing legitimate security events. Your opinions will help. Thank you.
[ossec-list] Deciding the Level to Set Log Alerts
I would like to determine the level to set Log Alerts in my OSSEC installation. How was each event assigned a severity level? How have you all decided the level to set your log alerts? I am concerned about logging too many events but missing legitimate security events. Your opinions will help. Thank you.