On Wed, Mar 1, 2017 at 6:40 PM, Ed Davison <edavi...@gmail.com> wrote: > It would be great to see the decoder entries that go with these rules ... I > know this is an older post but maybe you are still around and can share the > decoder and maybe the plugin as well? >
If you can provide log samples, we can work on decoders. :-) > On Monday, May 16, 2016 at 4:22:08 PM UTC-5, Brent Morris wrote: >> >> Rob - can you post your OSSEC version of the log? I can check my rules. >> These are a culmination of gleaned rules that I updated some time back with >> new event IDs. Yours is covered in there.... but I would like to test it >> against a valid OSSEC log. So if you can post it from the OSSEC logs, >> that'd be great. >> >> Here they are.. >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
