So, I was waiting for 5.6.6 to fix the issues of 5.6, but it's only getting worse.
After upgrading from 5.6 to 5.6.6, SIEM events stopped populating into the DB.
Logs are still coming into /var/log/alienvault/devices/ and OSSEC alerts are also in place.
It seems the server either cannot parse the logs or cannot put the events into the database.
The strange part here is that I also have an external OSSIM sensor (also 5.6.6) which forwards events to OSSIM, and its events are present in the DB and GUI.
The directory /var/log/alienvault/agent/ is empty.
There are errors in the server.log file:
Query: INSERT IGNORE INTO (event_id, filename, username, password, userdata1, userdata2, userdata3, userdata4, userdata5, userdata6, userdata7, userdata8, userdata9, data_payload, binary_data)extra_data error: Unknown column 'event_id' in 'field list'
Any help is much appreciated.
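The logged query is useful on its own: the column list in the failed INSERT is exactly the set of columns ossim-server expects the extra_data table to have, and "Unknown column 'event_id'" means the table on this box no longer matches that expectation, so every event that carries extra data is dropped before it reaches the DB (which fits the symptom of logs arriving on disk but nothing showing in the GUI). The script below is an added example, not code from the post or from AlienVault: it parses such a server.log line, compares the expected columns against the columns the table actually has, and generates an information_schema query you can run against the OSSIM MySQL to confirm the mismatch. The database name alienvault and the sample list of "actual" columns are assumptions made for the example.

```python
import re

# Constructed copy of the server.log line quoted in the post (error text only).
LOG_LINE = (
    "Query: INSERT IGNORE INTO (event_id, filename, username, password, "
    "userdata1, userdata2, userdata3, userdata4, userdata5, userdata6, "
    "userdata7, userdata8, userdata9, data_payload, binary_data)extra_data "
    "error: Unknown column 'event_id' in 'field list'"
)

# Constructed sample of what `SHOW COLUMNS FROM extra_data` might return on a
# box whose schema was not migrated. This is NOT the real OSSIM 5.6.6 schema;
# it exists only so the example runs offline.
SAMPLE_ACTUAL_COLUMNS = [
    "filename", "username", "password",
    "userdata1", "userdata2", "userdata3", "userdata4", "userdata5",
    "userdata6", "userdata7", "userdata8", "userdata9",
    "data_payload", "binary_data",
]

# The logged query has the column list before the table name, so match
# "INSERT IGNORE INTO (<cols>)<table>" rather than the normal SQL order.
QUERY_RE = re.compile(r"INSERT\s+IGNORE\s+INTO\s*\(([^)]*)\)\s*(\w+)", re.I)
ERROR_RE = re.compile(r"Unknown column '(\w+)' in 'field list'")


def parse_failed_insert(line):
    """Return (table, expected_columns, reported_missing) from a logged failure.

    expected_columns is the column list ossim-server tried to insert into;
    reported_missing is the single column MySQL complained about (MySQL only
    reports the first unknown column, so there may be more)."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    expected = [c.strip() for c in m.group(1).split(",") if c.strip()]
    table = m.group(2)
    err = ERROR_RE.search(line)
    reported = err.group(1) if err else None
    return table, expected, reported


def missing_columns(expected, actual):
    """All expected columns absent from the actual table (case-insensitive,
    as MySQL column names are)."""
    have = {c.lower() for c in actual}
    return [c for c in expected if c.lower() not in have]


def schema_check_sql(table, expected, database="alienvault"):
    """Build a query that lists every expected column the live table lacks.

    `database` defaults to 'alienvault', an assumption about the OSSIM
    schema name; adjust it if your install differs."""
    expected_rows = " UNION ALL ".join(
        "SELECT '%s' AS expected" % c for c in expected
    )
    return (
        "SELECT e.expected AS missing_column\n"
        "FROM (%s) e\n"
        "LEFT JOIN information_schema.columns ic\n"
        "  ON ic.table_schema = '%s'\n"
        " AND ic.table_name = '%s'\n"
        " AND ic.column_name = e.expected\n"
        "WHERE ic.column_name IS NULL;"
    ) % (expected_rows, database, table)


def diagnose(line, actual_columns):
    """Tie the pieces together for one log line and one observed column set."""
    parsed = parse_failed_insert(line)
    if parsed is None:
        return None
    table, expected, reported = parsed
    return {
        "table": table,
        "reported_missing": reported,
        "all_missing": missing_columns(expected, actual_columns),
        "check_sql": schema_check_sql(table, expected),
    }


if __name__ == "__main__":
    result = diagnose(LOG_LINE, SAMPLE_ACTUAL_COLUMNS)
    print("table:", result["table"])
    print("missing:", result["all_missing"])
    print(result["check_sql"])
```

Run the printed query in the OSSIM MySQL (`ossim-db` drops you into the right shell on an AlienVault appliance); any rows returned are columns the 5.6.6 server code expects but the table does not have, which is the mismatch to take to support or to compare against a freshly installed 5.6.6 box before touching the schema yourself.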