<global>
     <email_notification>yes</email_notification>
     <email_to>allalerts@mydomain.com</email_to>
     <smtp_server>mail.mydomain.com</smtp_server>
     <email_from>ossec@mydomain.com</email_from>
   </global>

   <alerts>
     <log_alert_level>1</log_alert_level>
     <email_alert_level>7</email_alert_level>
     <email_to>user@mydomain.lu</email_to>
   </alerts>