Hi all,
I've been using ossec for a while now and I really like it.
I'm now trying to integrate ossec with a monitoring application. I'd like to have ossec send Alerts to a remote host via syslog.
I have it all working, with one exception. It looks like ossec forwards ALL events as local0.warning.
Is this configurable? Is there a way to change it?
What I'd really love is a way to set an Alert level to a specific facility / severity so that the monitoring system can handle different events differently without having to do much parsing of the message contents.
Does anyone have any tips or pointers?
Thanks!
J