On Fri, Jun 10, 2016 at 7:48 AM, Jacob Mcgrath <jacob.xtrememe...@gmail.com> wrote:
> ok ok I see what you are talking about <decoded_as>
>

Yeah, sorry for not being more clear. The decoded_as field is only populated with the parent decoder, not children.

> On Thursday, June 2, 2016 at 6:48:13 AM UTC-5, Jacob Mcgrath wrote:
>>
>> Was wondering on the best route/option to accomplish this?
>>
>> (similar to the USB storage detection)
>>
>> Was thinking about a batch or bash that would ping servers from a list to
>> a file. That every so many minutes this
>> file would be overwritten with the new results.
>>
>> If the results "differ" from the last log the alert would be triggered.
>>
>> (other option)
>>
>> Run script as scheduled task, write to log then monitor log like a syslog.
>> Regex for the failed pings. Then alerts.
>>
>> Curious if any had tried and found either way better?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
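
The second option from the quoted question (a scheduled script that writes to a log which is then monitored like syslog), combined with the "only alert when the result differs" idea from the first, as an added example that is not part of the thread. The function names `probe` and `check_hosts`, the `pingmon` tag, the log line layout and the Linux iputils `ping` flags are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Names, tag and log format are assumptions.

# probe HOST: succeed if HOST answers one ping within 2 seconds.
# Flags are those of Linux iputils ping; adjust for other platforms.
probe() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1 </dev/null
}

# check_hosts HOSTS_FILE STATE_FILE LOG_FILE
# Probes every host in HOSTS_FILE (one per line, '#' comments allowed),
# compares the result with the state saved by the previous run, and appends
# one syslog-style line to LOG_FILE per host whose state changed.
# Prints the number of state changes.
check_hosts() {
    hosts_file=$1 state_file=$2 log_file=$3
    new_state="${state_file}.new"
    changes=0
    : > "$new_state"
    [ -f "$state_file" ] || : > "$state_file"
    while IFS= read -r host || [ -n "$host" ]; do
        # Skip blanks, comments, and entries ping would parse as options.
        case $host in ''|'#'*|-*) continue ;; esac
        if probe "$host"; then status=up; else status=down; fi
        printf '%s %s\n' "$host" "$status" >> "$new_state"
        # Status recorded by the previous run; "unknown" on first sight.
        prev=$(awk -v h="$host" '$1 == h { print $2 }' "$state_file")
        [ -n "$prev" ] || prev=unknown
        if [ "$prev" != "$status" ]; then
            printf '%s pingmon: host=%s status=%s previous=%s\n' \
                "$(date '+%b %e %H:%M:%S')" "$host" "$status" "$prev" \
                >> "$log_file"
            changes=$((changes + 1))
        fi
    done < "$hosts_file"
    mv "$new_state" "$state_file"
    echo "$changes"
}

# When called with three arguments (e.g. from cron), run one pass.
if [ "$#" -eq 3 ]; then
    check_hosts "$@"
fi
```

Because a line is written only on a state change, a rule matching `status=down` in the monitored log fires once per outage rather than on every scheduled run.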