So far what I have seen is, only alert id "5706" has a blank message and only if the output is in JSON format.
On Tuesday, October 2, 2018 at 4:29:37 PM UTC+5:30, dan (ddpbsd) wrote:
>
> On Wed, Sep 19, 2018 at 1:34 AM Chinmay Pandya <[email protected]> wrote:
> >
> > This is the alert from alert.log file
> >
> > ** Alert 1536818415.3348561390: - syslog,sshd,recon,
> > 2018 Sep 13 06:00:15 east1001->10.88.10.114
> > Rule: 5706 (level 6) -> 'SSH insecure connection attempt (scan).'
> > Src IP: 10.14.158.11
> >
> >
> > Sep 13 06:00:15 east1001 sshd[14453]: Did not receive identification
> > string from 10.14.158.11
> >
>
> Do all of your alerts have blank lines between the full log message
> and the previous information or just the ones
> with the missing messages in the json alerts?
> The blank lines I see in my alerts.log are between alert entries.
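As an added example (not code from this thread or from OSSEC itself), a small Python parser for the alerts.log format quoted above that tolerates blank lines between the header fields and the raw log line, and reports entries whose raw log line is missing. The sample below is constructed: it reuses the rule 5706 entry from the thread and adds a second, made-up entry with no log line; the alert ids and the second source IP are invented.

```python
import re

# Constructed sample: the rule 5706 entry quoted in this thread, blank lines kept
# between "Src IP:" and the raw log line, plus a made-up second entry whose raw
# log line is missing entirely (the symptom discussed for the JSON output).
SAMPLE_ALERTS_LOG = """\
** Alert 1536818415.3348561390: - syslog,sshd,recon,
2018 Sep 13 06:00:15 east1001->10.88.10.114
Rule: 5706 (level 6) -> 'SSH insecure connection attempt (scan).'
Src IP: 10.14.158.11


Sep 13 06:00:15 east1001 sshd[14453]: Did not receive identification string from 10.14.158.11

** Alert 1536818420.3348561999: - syslog,sshd,recon,
2018 Sep 13 06:00:20 east1001->10.88.10.114
Rule: 5706 (level 6) -> 'SSH insecure connection attempt (scan).'
Src IP: 10.14.158.12
"""

HEADER_RE = re.compile(r"^\*\* Alert (?P<id>[\d.]+): (?:mail )?- (?P<groups>.*)$")
STAMP_RE = re.compile(r"^(?P<stamp>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<location>\S+)$")
RULE_RE = re.compile(r"^Rule: (?P<rule_id>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")
FIELD_RE = re.compile(r"^(Src IP|Dst IP|User|Src Port|Dst Port): (?P<value>.*)$")

def parse_alerts_log(text):
    """One dict per '** Alert' block; blank lines never truncate full_log."""
    entries, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue                       # blank lines carry no data, inside or between entries
        if m := HEADER_RE.match(line):
            cur = {"id": m["id"], "groups": m["groups"], "full_log": ""}
            entries.append(cur)
        elif cur is None:
            continue                       # text before the first header: nothing to attach it to
        elif (m := STAMP_RE.match(line)) and "stamp" not in cur:
            cur.update(stamp=m["stamp"], location=m["location"])
        elif m := RULE_RE.match(line):
            cur.update(rule_id=int(m["rule_id"]), level=int(m["level"]), description=m["desc"])
        elif (m := FIELD_RE.match(line)) and "rule_id" in cur:
            cur[m[1].lower().replace(" ", "_")] = m["value"]
        elif "rule_id" in cur:             # anything else after the Rule line is the raw log
            cur["full_log"] = (cur["full_log"] + "\n" + line).strip("\n")
    return entries

def empty_message_alerts(entries):
    """(alert id, rule id) for entries whose raw log line never appeared."""
    return [(e["id"], e.get("rule_id")) for e in entries if not e["full_log"]]
```

Run `parse_alerts_log` over the contents of a real alerts.log and feed the result to `empty_message_alerts` to see whether the blank messages are already missing in the text log or only appear in the JSON output.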
