• Support
  • Forums
  • Blogs

Testing config file

abhiinmysoreabhiinmysore

Entry Level
The alerts from /var/ossec/logs/alerts/alerts.log file were not coming up in SIEM. 

I tested the ossec-single-line.cfg plugin against the alerts.log file using the command,

"sudo /usr/share/ossim/scripts/regexp.py /var/ossec/logs/alerts/alerts.log /etc/ossim/agent/plugins/ossec-single-line.cfg q"

It gave me the following output (which indicates that there are matched events). Why am is still not able to see events in SIEM?
I tested the ossec.cfg the same way. It gave 0 matched events. 

Also I see that few entries in the alerts.log file are with newlines and some alerts are single lines. Why is this so? 

Tagged:

Share post:

This discussion has been closed.