This is the documentation for Wazuh 3.1.

alerts

XML section name

<alerts>
</alerts>

This section sets the minimum alert levels for logging alerts and for sending email notifications. It also enables or disables the geolocation feature.

Options

log_alert_level

This is the minimum severity level an alert must reach to be written to alerts.log and/or alerts.json.

Default value 3
Allowed values Any level from 1 to 16

email_alert_level

This is the minimum severity level for an alert to generate an email notification.

Warning

This threshold overrides granular email alert levels. Setting it to 10 prevents emails from being sent for alerts with levels lower than 10, even when the granular email configuration references levels lower than 10. Individual rules can override this with the alert_by_email option, which forces an email alert regardless of the global or granular alert level thresholds.

Default value 12
Allowed values Any level from 1 to 16

use_geoip

Enable or disable GeoIP lookups.

Default value no
Allowed values The options are yes or no.

Default configuration

<alerts>
  <log_alert_level>3</log_alert_level>
  <email_alert_level>12</email_alert_level>
</alerts>
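
The precedence described in the email_alert_level warning can be checked before a configuration is deployed. The following Python is an added example, not Wazuh code: it validates an <alerts> block against the defaults and allowed values on this page and models the threshold precedence in simplified form. The function names and the granular_level parameter (the threshold of one granular email entry) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults and allowed values as documented on this page.
DEFAULTS = {"log_alert_level": 3, "email_alert_level": 12, "use_geoip": "no"}

def load_alerts(xml_text):
    """Parse one <alerts> block, apply defaults, and validate each option."""
    root = ET.fromstring(xml_text)
    if root.tag != "alerts":
        raise ValueError("expected an <alerts> section")
    cfg = dict(DEFAULTS)
    for child in root:
        value = (child.text or "").strip()
        if child.tag == "use_geoip":
            if value not in ("yes", "no"):
                raise ValueError("use_geoip must be yes or no")
            cfg[child.tag] = value
        elif child.tag in DEFAULTS:
            if not value.isdigit() or not 1 <= int(value) <= 16:
                raise ValueError(f"{child.tag} must be a level from 1 to 16")
            cfg[child.tag] = int(value)
        else:
            raise ValueError(f"unknown option: {child.tag}")
    return cfg

def is_logged(cfg, level):
    """True when the alert reaches alerts.log and/or alerts.json."""
    return level >= cfg["log_alert_level"]

def granular_email_sent(cfg, level, granular_level, alert_by_email=False):
    """Simplified model: does a granular entry with this threshold send mail?"""
    if alert_by_email:
        return True  # rule option forces the email past both thresholds
    # The global minimum applies first, then the granular threshold.
    return level >= cfg["email_alert_level"] and level >= granular_level

def suppressed_levels(cfg, granular_level):
    """Levels a granular entry asks for but the global minimum blocks."""
    return list(range(granular_level, cfg["email_alert_level"]))

# Constructed sample: the warning's case of a global threshold of 10.
SAMPLE = """<alerts>
  <log_alert_level>3</log_alert_level>
  <email_alert_level>10</email_alert_level>
</alerts>"""

if __name__ == "__main__":
    cfg = load_alerts(SAMPLE)
    print(cfg, suppressed_levels(cfg, 7))
```

A non-empty result from suppressed_levels means a granular entry expects email for levels that the global email_alert_level silently drops, which is the gap the warning describes.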