The alerts from /var/ossec/logs/alerts/alerts.log file were not coming up in SIEM.
I tested the ossec-single-line.cfg plugin against the alerts.log file using the command,
"sudo /usr/share/ossim/scripts/regexp.py /var/ossec/logs/alerts/alerts.log /etc/ossim/agent/plugins/ossec-single-line.cfg q"
It gave me the following output (which indicates that there are matched events). Why am I still not able to see events in SIEM?
I tested the ossec.cfg the same way. It gave 0 matched events.
Also I see that a few entries in the alerts.log file span multiple lines and some alerts are single lines. Why is this so?
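The post describes two alert layouts living in the same alerts.log (classic multi-line `** Alert` blocks and single-line records), and two plugins that each match only one of them. The script below is an added illustration, not the poster's code or an AlienVault/OSSEC file: it reads a constructed alerts.log containing one alert in each layout, parses both, and reports how many alerts of each format are present, which is the first thing to check when one plugin matches and the other reports zero. The `AV - Alert` single-line field layout and the multi-line block layout are assumptions written for this example; the regexes are not taken from ossec.cfg or ossec-single-line.cfg.

```python
import re
from collections import Counter

# Constructed sample alerts.log with one classic multi-line OSSEC alert block
# and one single-line "AV - Alert" record. Both layouts are assumptions made
# for this example; they are not copied from the plugin configuration files.
SAMPLE_ALERTS_LOG = """\
** Alert 1700000000.12345: - syslog,sshd,authentication_failed,
2023 Nov 14 22:13:20 sensor01->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
User: root
Nov 14 22:13:20 sensor01 sshd[4242]: Failed password for root from 192.0.2.10 port 51234 ssh2

AV - Alert - "1700000001" --> RID: "5402"; RL: "3"; RG: "syslog,sudo"; RC: "Successful sudo to ROOT executed"; USER: "alice"; SRCIP: "None"; HOSTNAME: "sensor01"; LOCATION: "/var/log/auth.log"; EVENT: "[INIT]Nov 14 22:13:21 sensor01 sudo: alice : TTY=pts/0 ; USER=root ; COMMAND=/bin/ls[END]";
"""

# Header of a classic multi-line alert block: "** Alert <epoch>.<seq>: - <groups>"
MULTILINE_HEADER = re.compile(r"^\*\* Alert (?P<ts>\d+)\.\d+: - (?P<groups>.*)$")
# "Rule: <id> (level <n>) -> '<description>'" line inside a multi-line block
RULE_LINE = re.compile(r"^Rule: (?P<rid>\d+) \(level (?P<level>\d+)\) -> '(?P<desc>.*)'$")
# Single-line record: everything after "-->" is a list of KEY: "value"; pairs
SINGLE_LINE = re.compile(r'^AV - Alert - "(?P<ts>\d+)" --> (?P<fields>.*)$')
KV = re.compile(r'(?P<key>[A-Z]+): "(?P<val>.*?)";')


def parse_alerts(text):
    """Parse a mixed alerts.log into a list of dicts.

    Each dict carries a 'format' key ('multiline' or 'single') plus the
    rule id, level and description where they could be recovered.
    """
    alerts = []
    current = None  # the multi-line block being accumulated, if any
    for line in text.splitlines():
        m = MULTILINE_HEADER.match(line)
        if m:
            current = {"format": "multiline", "ts": m.group("ts"),
                       "groups": m.group("groups")}
            alerts.append(current)
            continue
        m = SINGLE_LINE.match(line)
        if m:
            fields = dict(KV.findall(m.group("fields")))
            alerts.append({"format": "single", "ts": m.group("ts"),
                           "rid": fields.get("RID"), "level": fields.get("RL"),
                           "desc": fields.get("RC"), "fields": fields})
            current = None
            continue
        if current is not None:
            m = RULE_LINE.match(line)
            if m:
                current.update(rid=m.group("rid"), level=m.group("level"),
                               desc=m.group("desc"))
            elif line.startswith("Src IP: "):
                current["src_ip"] = line[len("Src IP: "):]
            elif line.startswith("User: "):
                current["user"] = line[len("User: "):]
            elif line == "":
                current = None  # blank line terminates a multi-line block
    return alerts


def count_formats(text):
    """Count how many alerts use each layout, e.g. {'multiline': 1, 'single': 1}."""
    return dict(Counter(a["format"] for a in parse_alerts(text)))


if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE_ALERTS_LOG):
        print(alert["format"], alert.get("rid"), alert.get("level"), alert.get("desc"))
    print(count_formats(SAMPLE_ALERTS_LOG))
```

Run it against the real file by replacing `SAMPLE_ALERTS_LOG` with `open("/var/ossec/logs/alerts/alerts.log").read()`. If the counts show both layouts, a plugin written for one layout alone will report zero matches on the other, and the mismatch between what regexp.py counts and what reaches the SIEM is easier to reason about once you know which layout each alert actually uses.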