Are you sure it is not in the alerts file? ossec-maild (the smtp agent) reads the alerts.log file in order to send emails. See below:
root@vpc-ossec-manager:~# lsof /var/ossec/logs/alerts/alerts.log COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ossec-csy 506 ossecm 3r REG 202,1 3010867 412101 /var/ossec/logs/alerts/alerts.log ossec-mai 510 ossecm 3r REG 202,1 3010867 412101 /var/ossec/logs/alerts/alerts.log ossec-ana 518 ossec 9w REG 202,1 3010867 412101 /var/ossec/logs/alerts/alerts.log Maybe the file has been rotated and that is why you don't see it. best On Thu, Jan 28, 2016 at 10:54 AM, Log <[email protected]> wrote: > When testing agentless motioning noticed that agentless alerts do not > appear in the "alerts.log" nor in the WUI, why is that and can it be fixed? > I'm using ssh_integrity_check_linux > > > I do receive email alerts as shown below. > > OSSEC HIDS Notification. > > 2016 Jan 28 10:46:22 > > > > Received From: (ssh_integrity_check_linux) [email protected]>syscheck > <[email protected]%3esyscheck> > > Rule: 552 fired (level 7) -> "Integrity checksum changed again (3rd time)." > > Portion of the log(s): > > > > Integrity checksum changed for: '/etc/group-' > > Size changed from '734' to '750' > > Old md5sum was: '9e08bb89beaf6aa3a5c763cf529807c1' > > New md5sum is : 'ac338ac9cff991882ca37d9e45147cd9' > > Old sha1sum was: '5888147986d50bf1db3ca95796195743f1562431' > > New sha1sum is : '94315577e5beba7b9de73a305c3435a892e8b527' > > > Thanks for your support and assistance > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
