Had to present to my boss on my progress of Alienvault. Nothing works. Looked at all of the settings, configs, logs, and it shows no activity. I worked hard to get these things to run properly up until yesterday and during presentation day, it just up and stop.

Warning to everyone: Don't get AlienVault OSSIM. Its a headache to configure.

Over 3 months, I wrestled and toiled with learning how rsyslog works, send to the log server, passes that to AlienVault OSSIM, where I have to build a plugin that, I thought could be done with a built-in plugin builder but ended up with building it from scratch, and have to learn Regex (surprisingly was fun thanks to amazing online resources), test, build, restart rsyslog, ossim-agent, ossim-server and ossim-db just to get the application log showing up on the BROWSER!

I like OSSIM but what's killing me the most is rsyslog. I still can't get grasp how to get custom logs of any kind into a log server. I don't think I'll remember any of this by tomorrow but whelp.

You know what really grinds my gears? For a software like OSSIM, the community support may be lacking, but the documentation sucks @$$.