[ossec-list] HIDs agent syslog(/var/log/mysql/mysql.log) alerts not showing in analysis/security_events but is showing in environment/detection/hids Alerts Log. How can I did that so hids alerts showing in security_events.

[Dosimbek Umarov]

**Phase 1: Completed pre-decoding.
       full event: '023 Nov 26 16:10:49 (bd-2) 
192.168.110.3->/var/log/mysql/mysql.log 20231126 
16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete  ON * 
. * FROM \'test6\'@\'localhost\'',0'
       hostname: 'alienvault'
       program_name: '(null)'
       log: '023 Nov 26 16:10:49 (bd-2) 
192.168.110.3->/var/log/mysql/mysql.log 20231126 
16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete  ON * 
. * FROM \'test6\'@\'localhost\'',0'

**Phase 2: Completed decoding.
       decoder: 'maria_user_audit'

**Phase 3: Completed filtering (rules).
       Rule id: '196003'
       Level: '7'
       Description: 'Maria User edited'
**Alert to be generated.

AV - Alert - "1700993449" --> RID: "196003"; RL: "7"; RG: "mariadb,"; RC: 
"Maria User edited"; USER: "None"; SRCIP: "None"; HOSTNAME: "(bd-2) 
192.168.110.3->/var/log/mysql/mysql.log"; LOCATION: "(bd-2) 
192.168.110.3->/var/log/mysql/mysql.log"; EVENT: "[INIT]20231126 
16:10:45,bd2022-2,root,localhost,834,73474,QUERY,mysql,'REVOKE Delete  ON * 
. * FROM \'test6\'@\'localhost\'',0[END]"; 

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/e1f04532-76c7-4daf-8405-c3ea88a7815fn%40googlegroups.com.