Thanks for the question. Mine's apparently been broken for quite some time!
Are you just grepping the alerts.log or are you being alerted via email? You look like you're posting out of the alerts.log... you might add

    grep -A 10 agentless alerts.log

Here's the example I'm seeing via email now that I've fixed mine.

Also, do you really have a PIX? If you have an ASA, the ssh_asa-fwsmconfig_diff might be the way to go. I know the PIX script has an issue with the expect password.

    OSSEC HIDS Notification.
    2015 Apr 08 11:37:39

    Received From: (ssh_asa-fwsmconfig_diff) [email protected]>agentless
    Rule: 555 fired (level 7) -> "Integrity checksum for agentless device changed."
    Portion of the log(s):

    ossec: agentless: Change detected:
    56c56
    < Botnet Traffic Filter : Enabled 458 days
    ---
    > Botnet Traffic Filter : Enabled 457 days
    375c375
    < ssh timeout 59
    ---
    > ssh timeout 51
    More changes..

     --END OF NOTIFICATION
