diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index f8fb5acf5..7c6e0655b 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -36,6 +36,16 @@ filebeat.prospectors:
     clean_removed: false
     close_removed: false
 
+  - type: log
+    paths:
+      - /alerts/alerts.json
+    fields:
+      type: ossec
+    fields_under_root: true
+    clean_removed: false
+    close_removed: false
+
+
 
 #----------------------------- Logstash output ---------------------------------
 output.logstash:
@@ -152,7 +162,7 @@ output.logstash:
 
 # Sets log level. The default log level is info.
 # Available log levels are: error, warning, info, debug
-#logging.level: info
+logging.level: debug
 
 # Enable debug output for selected components. To enable all selectors use ["*"]
 # Other available selectors are "beat", "publish", "service"