Low Level Wazuh Alert
288 views
Skip to first unread message
Musakkarul Lambatjing
Jul 27, 2022, 3:27:56 AM7/27/22
to Wazuh mailing list
Hi Team,
If may i ask, is there any ways to make a Low Level Alert keep shows on the event/dashboard, even we already defined log_alert_level?
example :
if we set the log alert minimum level to 6, i want to shows low alert level like "active response log" (which has level 3). but without changing the ruleset.
<alerts>
<log_alert_level>6</log_alert_level>
<email_alert_level>12</email_alert_level>
</alerts>
<log_alert_level>6</log_alert_level>
<email_alert_level>12</email_alert_level>
</alerts>
Thanks.
Message has been deleted
Agbeyemi Samuel Damilola
Jul 27, 2022, 4:23:55 AM7/27/22
to Wazuh mailing list
Hello Musakkarul,
Thank you for using Wazuh. What you want to achieve might not be possible. As we know the log_alert_level field defines the minimum severity level that will trigger alerts to be stored in the alerts.log and/ or the alerts.json files. That said, a log_alert_level of 6 will be the minimum alert level to be displayed on the Wazuh dashboard.
If you want to display alerts for another rule with a lower rule level, then you should increase the rule level to the minimum log_alert_level.
Please take a look at our documentation - https://documentation.wazuh.com/current/user-manual/manager/alert-threshold.html
If you want to display alerts for another rule with a lower rule level, then you should increase the rule level to the minimum log_alert_level.
Please take a look at our documentation - https://documentation.wazuh.com/current/user-manual/manager/alert-threshold.html
Thanks
Musakkarul Lambatjing
Jul 27, 2022, 5:13:51 AM7/27/22
to Wazuh mailing list
Hello Agbeyemi,
Thank you for your quick answer and explanation.
Really appreciated it.
Regards
Reply all
Reply to author
Forward
0 new messages