Hi Miles, Take a look at this document:
http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf It explains how the pre-decoding works and how it is related to the decoding. Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On Wed, Jul 15, 2009 at 2:23 AM, miles sakaguchi<milessakagu...@yahoo.com> wrote: > does predecoding do the same for all logs? does it extract the same fields > for every log? > > p.s. > I'm not sureĀ about decoding but I'm ok with it. > tanx > miles > >
