Some of the options that can be pursued to troubleshoot and resolve this issue have been mentioned below:

• Login to Alien Vault server using putty with “root” credentials.
• After login, you will see the following screen.

• Select the “Jailbreak System”
• Click “Yes” or Press “Enter” from the keyboard and accept the “Jailbreak Commandline Notice” in next screen by clicking “Yes:”

This will give you a command line access to Alien Vault server and screen will be displayed as below.

Run the following command in the console and wait for this to complete.

Command: tcpdump -i eth0

Run this command to see if the sensor is receiving the traffic from a particular log source. For example the log source ip is (10.10.30.217) we will run the following command to see if the logs are coming.

tcpdump -i eth0 | grep 10.10.30.217

If the above command shows you traffic from the log sources as mentioned below that means you have the traffic coming in from the log sources.

Check if the Alien Vault is receiving the syslog traffic from the log sources or not by using the below mentioned command.

tcpdump -i eth0 | grep syslog

If something is still wrong and you don’t see the alerts in the web GUI, then we need to pivot and try some other method. The next suggested step is a bit too much at this stage but will get you through the task. Click Here for the Event Level Troubleshooting or here for OSSIM agent troubleshoot if alarms are not coming.