Syslog Output options are available in the the following installation types:
All syslog_output options must be configured in the /var/ossec/etc/ossec.conf and used within the <ossec_config> tag.
XML excerpt to show location:
<ossec_config>
<syslog_output>
<!--
Syslog Output options here
-->
</syslog_output>
</ossec_config>
syslog_output
¶server
¶port
¶level
¶group
¶|
) character.<group>syscheck</group>
<group>authentication_failure|authentication_success</group>
rule_id
¶location
¶use_fqdn
¶New in version 2.9.0.
format
¶<syslog_output>
<server>10.0.0.1</server>
<port>514</port>
<format>cef</format>
</syslog_output>