All alerts options must be configured in the /var/ossec/etc/ossec.conf and used within the <ossec_config> tag.
XML excerpt to show location:
<ossec_config>
<alerts>
<!--
alerts options here
-->
</alerts>
</ossec_config>
alerts
¶email_alert_level
¶Minimum alert level to send e-mail notifications.
Default: 7
Allowed: Any level from 1 to 16
Note
This is the minimum level for an alert to trigger an email. This overrides granular email alert levels. Setting this to 10 would prevent emails for alerts at levels lower than 10 to be sent despite settings in the granular email configuration. Individual rules can override this with the alert_by_email option.
log_alert_level
¶Minimum alert level to store the log messages.
Default: 1
Allowed: Any level from 1 to 16
use_geoip
¶Enable or disable GeoIP lookups.
Default: Disabled
Allowed: yes/no