I tried editing SyslogProcessing.py, but I don't think I did it right. Or at least it doesn't seem to have changed anything. I made the top look like this:
parsers = (
# generic mark
r"(?P<summary>-- (?P<eventClassKey>MARK) --)",
# CLASSE edit for OSSEC parsing
r"(?P<summary>(^Alert Level\:\s\d+.*)\n((.+\n)+))",
Maybe I screwed that up somehow?