You can prune alarms based on a number of different criterion such as 'alarms older than the specified number of days' or 'number of events in a table has exceeded a given limit'. Also, pruning can be done on a specified table or tables, ie you can specify the type of table to be pruned. You can choose from the table types syslog, alert, auditlog, deploy and sysconfig or you could list multiple tables (using a comma-delimited list).
'Default alarm pruning' and 'default syslog pruning' are two database rules for pruning event that by default are present in the Database Rules page. Further, It is my understanding that all pruned data goes(is archived in) the same folder. What might be happening is that the syslog messages you see were pruned from the syslog table by the 'default syslog pruning rule' and not the alerts table.
If you wish to do so, default rules too can be modified. For more information, you could take a look at the document Administering Security Monitor at the URL http://www.cisco.com/en/US/products/sw/cscowork/ps3991/products_user_guide_chapter09186a00800e4371.html