log_alert_levels versus syslog_output > level?

[Xtina Schelin]

In the ossec.conf file, I see two settings:

alerts > log_alert_level

syslog_output > level

What is the meaningful difference between these two?

[InfoSec]

Alerts --> Alert level has to do with the event level threshold below which events are dropped and not placed in the alerts file.

Syslog --> Level has to do with the event level threshold below which events are not forwarded via csyslogd to syslog receiver.