You need to make sure the numbers you picked for your new rules exist in a 
DS group and you have the correct translation statements in your .cfg.local 
file for the plugin.

Also, to ensure you get a hit with the rule, your level has to be > 0 to be 
written to alerts.log.

You are closing in, sir! Note that this is for OSSEC and not AlienVault. I 
happen to run both and know what you are doing, though this group might not 
be the best place for AlienVault-related questions of OSSEC.

All the best

Grant

On Monday, February 5, 2018 at 6:07:21 PM UTC-5, Sam Wallace wrote:
>
> Currently I'm getting my application logs to my archives.log file, but not 
> my alerts.log file. When I run my event through ossec-logtest they make it 
> through phase 2 with my custom decoder I built and then they also make it 
> through phase 3 with the custom rule I built.
>
> Where do I go from here? Even though it hits a rule, it doesn't get 
> written to my alerts.log. Once I get it to alerts.log, how do I go about 
> writing a plugin to capture this event and put it into AlienVault proper?
>
> Thank you!
>
