alerts
Here is how to configure the severity level threshold for logging or sending alerts and the geolocation feature.
Options
log_alert_level
Sets the minimum severity level for alerts that will be stored to alerts.log and/or alerts.json.
Default value |
3 |
Allowed values |
Any level from 1 to 16 |
email_alert_level
Sets the minimum severity level for an alert to generate an email notification.
Warning
This is the minimum level for an alert to trigger an email. This setting overrides granular email alert configuration. Setting this to 10 will prevent the sending of emails for alerts with levels lower than 10, even when there are settings in the granular email configuration referencing levels lower than 10. Individual rules can override this with the alert_by_email option which forces an email alert regardless of global or granular alert level thresholds.
Default value |
12 |
Allowed values |
Any level from 1 to 16 |
use_geoip
Deprecated since version 2.0.
This option has no effect, and will result in a parsing error unless compiled with LIBGEOIP_ENABLED.
Default value |
n/a |
Allowed values |
yes, no |
Default configuration
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>12</email_alert_level>
</alerts>