Currently I'm getting my application logs to my archives.log file, but not my alerts.log file. When I run my event through ossec-logtest, it makes it through phase 2 with the custom decoder I built, and then it also makes it through phase 3 with the custom rule I built.
Where do I go from here? Even though it hits a rule, it doesn't get written to my alerts.log. Once I get it to alerts.log, how do I go about writing a plugin to capture this event and put it into AlienVault proper? Thank you!
