Currently I'm getting my application logs to my archives.log file, but not my alerts.log file. When I run my event through ossec-logtest, they make it through phase 2 with my custom decoder I built, and then they also make it through phase 3 with the custom rule I built.
Where do I go from here? Even though it hits a rule, it doesn't get written to my alerts.log. Once I get it to alerts.log, how do I go about writing a plugin to capture this event and put it into AlienVault proper?
Thank you!