Not receiving mysql alerts from /var/log/mysql/error.log on the server


temp.em...@gmail.com

Feb 23, 2018, 4:44:33 PM
to ossec-list
Everything seems to be working well, and I have followed all of the instructions in the following link for ossec to decode mysql logs and alert on rules. https://groups.google.com/forum/#!topic/ossec-list/u4uXvPnGhQ4

I am a little perplexed because everything else seems to be working. Troubleshooting: I am trying to log in to the mysql-server with an invalid username or password. The error message should read "Access denied for user".
1. I see these lines in /var/log/mysql/error.log
2. I have enabled debugging level 2 and see that the agent is collecting logs for /var/logs/mysql/error.log
3. On the server, I have included the rules file mysql_rules
4. On the agent in agent.conf, I have included the lines:
     <localfile>
        <log_format>mysql_log</log_format>
        <location>/var/log/mysql/error.log</location>
     </localfile>
5. I have restarted both server and agent multiple times
6. I receive real time monitoring alerts on file changes and sudo open/closed sessions
7. I receive alerts from the default setup about failed ssh access attempts but not mysql
8. It's strange I get some alerts about sudo access (level 3) and ssh access attempts (level 5) but not file changes (I guess this is separate unless there is a delay for mysql rules I'm not aware of).

Did I miss something to enable mysql alerts?
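One thing the steps above do not show is whether the collected lines actually pass the decoder before any rule is evaluated: an alert only fires when the decoder's prematch accepts the line and then a rule matches the decoded text, so a log line in a timestamp format the decoder was not written for is silently dropped even though the agent is collecting the file. The following is an added, simplified illustration of that two-stage pipeline (example code, not OSSEC's own decoder or rule definitions); the prefix regexes, rule id and level, and the sample error-log lines are all constructed for the example. It runs the same "Access denied for user" line through a decoder that only knows the legacy `YYMMDD HH:MM:SS` prefix and then through one that also accepts the ISO-8601 style prefix newer MySQL versions write.

```python
import re

# Constructed sample lines: the same event in two MySQL error-log timestamp styles,
# plus an unrelated informational line.
SAMPLE_LINES = [
    "180223 16:44:33 [Warning] Access denied for user 'app'@'10.0.0.5' (using password: YES)",
    "2018-02-23T16:44:33.123456Z 12 [Note] Access denied for user 'app'@'10.0.0.5' (using password: YES)",
    "180223 16:44:40 [Note] /usr/sbin/mysqld: ready for connections.",
]

# Hypothetical decoder prematch patterns (assumed, not OSSEC's decoder.xml).
# A line must match one of these before any rule is evaluated.
LEGACY_PREMATCH = [
    re.compile(r"^\d{6} \d{2}:\d{2}:\d{2} "),                 # "YYMMDD HH:MM:SS "
]
EXTENDED_PREMATCH = LEGACY_PREMATCH + [
    re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z \d+ "),  # "YYYY-MM-DDTHH:MM:SS.ffffffZ <thread> "
]

# Hypothetical rule table (assumed id and level, not OSSEC's mysql_rules.xml).
RULES = [
    {"id": "mysql-access-denied", "level": 9, "match": re.compile(r"Access denied for user")},
]


def decode(line, prematch):
    """Stage 1: return a decoded record if some prematch accepts the line, else None."""
    for pattern in prematch:
        if pattern.match(line):
            return {"decoder": "mysql_log", "log": line}
    return None


def evaluate(line, prematch):
    """Stage 2: only decoded lines are handed to the rules."""
    decoded = decode(line, prematch)
    if decoded is None:
        return {"line": line, "decoded": False, "alert": None, "level": None}
    for rule in RULES:
        if rule["match"].search(decoded["log"]):
            return {"line": line, "decoded": True, "alert": rule["id"], "level": rule["level"]}
    return {"line": line, "decoded": True, "alert": None, "level": None}


def run(lines=SAMPLE_LINES, prematch=LEGACY_PREMATCH):
    """Evaluate every line with the given decoder prefixes; returns one result per line."""
    return [evaluate(line, prematch) for line in lines]


if __name__ == "__main__":
    for label, prematch in (("legacy decoder", LEGACY_PREMATCH), ("extended decoder", EXTENDED_PREMATCH)):
        print(f"== {label} ==")
        for result in run(prematch=prematch):
            status = "not decoded" if not result["decoded"] else (result["alert"] or "no rule matched")
            print(f"{status:20s} | {result['line'][:60]}")
```

With the legacy prefixes only, the ISO-style line is never decoded, so the rule that would have fired on "Access denied for user" is never consulted. The real way to check this on an OSSEC server is to paste one raw line from `/var/log/mysql/error.log` into `/var/ossec/bin/ossec-logtest` and confirm that the output names the mysql decoder and a rule id; if the decoder phase comes back empty, the log format rather than the rules file is the place to look.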