Hi,

Indeed, as you suspected, this is reflecting the alerts that also fall into the alert.log file, but with a couple of caveats. For one, only those that have an alert level higher than 0 are being counted. And secondly, the alerts might not be appearing immediately on the dashboard.
If you count the alerts in /var/ossec/logs/alerts/yyyy/MMM/ossec-alerts-DD.log (where yyyy, MMM, DD correspond to the date) from a previous day and compare them to the count on the Kibana Dashboard for that day, you will see it matches the sum of those alerts. For convenience you can count all alerts that match these criteria with grep:

zgrep "level [1-9]" /var/ossec/logs/alerts/yyyy/MMM/ossec-alerts-DD.log | wc -l

Do note that levels go up to level 15, but this grep will match them without matching level 0 alerts.

I hope this solves your inquiry.

Regards,
Juan Carlos
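To make the comparison described above reproducible, here is an added example (not part of the original post or of OSSEC itself) that parses a constructed fragment in the OSSEC alerts.log record format, buckets alerts by the yyyy/MMM/DD path component of the daily log file, counts only those with level 1 or higher, and checks that this agrees with the `grep "level [1-9]"` line count from the reply. The sample alert text, hostnames, IPs and timestamps are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample in the OSSEC alerts.log record layout (not real data).
# Each record: "** Alert <epoch>.<id>: <flags> - <groups>," then
# "<yyyy> <Mon> <DD> <HH:MM:SS> <host>-><location>", then the "Rule:" line.
SAMPLE_ALERTS = """\
** Alert 1500026400.1001: - syslog,sshd,authentication_failed,
2017 Jul 14 10:00:00 web01->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
Jul 14 10:00:00 web01 sshd[2210]: Failed password for root from 192.0.2.10 port 51122 ssh2

** Alert 1500026460.1002: - syslog,sshd,
2017 Jul 14 10:01:00 web01->/var/log/auth.log
Rule: 5700 (level 0) -> 'SSHD messages grouped.'
Jul 14 10:01:00 web01 sshd[2211]: Received disconnect from 192.0.2.10

** Alert 1500026520.1003: mail  - syslog,sshd,authentication_failures,
2017 Jul 14 10:02:00 web01->/var/log/auth.log
Rule: 5712 (level 10) -> 'SSHD brute force trying to get access to the system.'
Src IP: 192.0.2.10
Jul 14 10:02:00 web01 sshd[2212]: Failed password for invalid user admin from 192.0.2.10 port 51130 ssh2

** Alert 1500112800.2001: - ossec,
2017 Jul 15 10:00:00 web01->ossec-agentd
Rule: 503 (level 3) -> 'Ossec agent started.'
ossec: Agent started: 'web01->192.0.2.5'.
"""

HEADER_RE = re.compile(r"^\*\* Alert (\d+)\.(\d+): (.*)$")
DATE_RE = re.compile(r"^(\d{4}) (\w{3}) (\d{2}) (\d{2}:\d{2}:\d{2}) (.+?)->(.*)$")
RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")


def parse_alerts(text):
    """Split alerts.log text into records; skip anything not well-formed."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3:
            continue
        head, when, rule = HEADER_RE.match(lines[0]), DATE_RE.match(lines[1]), RULE_RE.match(lines[2])
        if not (head and when and rule):
            continue
        year, mon, day = when.group(1), when.group(2), when.group(3)
        alerts.append({
            "epoch": int(head.group(1)),
            "day_key": f"{year}/{mon}/{day}",          # matches yyyy/MMM/DD in the log path
            "log_file": f"/var/ossec/logs/alerts/{year}/{mon}/ossec-alerts-{day}.log",
            "host": when.group(5),
            "rule_id": int(rule.group(1)),
            "level": int(rule.group(2)),
            "description": rule.group(3),
        })
    return alerts


def count_dashboard_alerts(alerts, min_level=1):
    """Per-day count of alerts at or above min_level (level 0 excluded by default)."""
    return Counter(a["day_key"] for a in alerts if a["level"] >= min_level)


def grep_level_count(text):
    """Line count the reply's zgrep 'level [1-9]' ... | wc -l would produce."""
    return sum(1 for line in text.splitlines() if re.search(r"level [1-9]", line))


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    per_day = count_dashboard_alerts(parsed)
    for day, n in sorted(per_day.items()):
        print(f"{day}: {n} alert(s) with level >= 1")
    print("grep-equivalent total:", grep_level_count(SAMPLE_ALERTS))
```

The pattern `level [1-9]` matches "level 10" through "level 15" because "level 1" is a prefix of them, which is why it covers every level except 0, as the reply notes; `wc -l` rather than bare `wc` gives just the line count.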