syslog facility when sending to remote syslog server?


Joel

Jan 13, 2017, 10:44:46 AM
to ossec-list
Hi all,

I've been using ossec for a while now and I really like it.

I'm now trying to integrate ossec with a monitoring application.  I'd like to have ossec send Alerts to a remote host via syslog.

I have it all working, with one exception.  It looks like ossec forwards ALL events as local0.warning.

Is this configurable?  Is there a way to change it?

What I'd really love is a way to set an Alert level to a specific facility / severity so that the monitoring system can handle different events differently without having to do much parsing of the message contents.

Does anyone have any tips or pointers?

thanks!

J

dan (ddp)

Jan 13, 2017, 10:50:19 AM
to ossec...@googlegroups.com
There's no configuration to change that, you'll have to modify the source code.


Joel

Jan 13, 2017, 11:40:10 AM
to ossec-list
Thanks Dan

dan (ddp)

Jan 13, 2017, 1:04:32 PM
to ossec...@googlegroups.com
On Fri, Jan 13, 2017 at 11:40 AM, Joel <jbr...@oddelement.com> wrote:
> Thanks Dan
>

Sorry I didn't have better news.
If you want to open an issue on the GitHub
(https://github.com/ossec/ossec-hids), we can keep it in mind when we
find time to work on features.
I think having more options might be useful (and the defaults can
always be re-evaluated).
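
A receiver-side workaround for the fixed local0.warning priority discussed in this thread, as an added example that is not part of the original posts or of OSSEC's code: a relay rewrites the syslog PRI from the alert level carried in the message text. The `Alert Level: N;` message layout, the level-to-priority table, the function names and the sample lines are assumptions.

```python
import re

# Syslog PRI = facility * 8 + severity (RFC 3164 / RFC 5424).
FACILITIES = {"local0": 16, "local1": 17}
SEVERITIES = {"crit": 2, "err": 3, "warning": 4, "info": 6}

# Hypothetical policy: minimum alert level -> (facility, severity).
# Checked top-down; adjust to what the monitoring system expects.
LEVEL_MAP = [
    (12, ("local1", "crit")),
    (8, ("local1", "err")),
    (5, ("local0", "warning")),
    (0, ("local0", "info")),
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Assumed message layout: "... ossec: Alert Level: N; Rule: ...".
LEVEL_RE = re.compile(r"Alert Level: (\d{1,2});")

# Constructed sample lines; <132> is local0.warning (16 * 8 + 4).
SAMPLES = [
    "<132>Jan 13 10:44:46 mon1 ossec: Alert Level: 3; "
    "Rule: 100001 - constructed sample rule; Location: web1->/var/log/auth.log;",
    "<132>Jan 13 10:45:02 mon1 ossec: Alert Level: 10; "
    "Rule: 100002 - constructed sample rule; Location: web1->/var/log/auth.log;",
]


def decode_pri(pri):
    """Split a PRI value into (facility number, severity number)."""
    return divmod(pri, 8)


def remap(line):
    """Rewrite the PRI from the alert level; return the line unchanged
    when it has no PRI header or no recognisable alert level."""
    pri = PRI_RE.match(line)
    level = LEVEL_RE.search(line)
    if not pri or not level:
        return line
    lvl = int(level.group(1))
    for minimum, (fac, sev) in LEVEL_MAP:
        if lvl >= minimum:
            new_pri = FACILITIES[fac] * 8 + SEVERITIES[sev]
            return "<%d>%s" % (new_pri, line[pri.end():])
    return line
```
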