Hello Elwali,
Let's start from the beginning when I try to connect to the DB with a wrong password, here is what I can found on my log file for one authentication failed attempt
2021-04-07 16:48:20.991 EET [8329] FATAL: password authentication failed for user "testing_user"
2021-04-07 16:48:20.991 EET [8329] DETAIL: Password does not match for user "testing_user".
Connection matched pg_hba.conf line 90: "host testing_db testing_user
0.0.0.0/0 md5"
There are two types of logs here, one line log and two lines log each log statement starting with the date as you can see.
So, I tried to paste my two types of logs into /ossec/etc/wazuh-logtest to see what is going to happen, and here is what I've got:
-one-line log (attachement1)
-two lines log (attachement2)
Thanks.