I'm running on CentOS 7.3.1611 and using the atomic repo which has
ossec-hids-2.9.2-2082 and ossec-hids-server-2.9.2-2082.
I have done more debugging and I'm seeing some things I think are strange.
If the condition I'm testing for has happened in the last 15 to 20 minutes
before the email is
I'm fairly new to ossec but I have been writing rules. The issue I have is
that I have written a rule and tested it with ossec-logtest which seems to
work. And the subject of the email I get has the correct hostname and alert
level but there is no alert with that hostname or alert level in the