On Jun 25, 2017 1:05 PM, "Guy Or" <guydu...@gmail.com> wrote:
Hello, I am writing decoders, rules and scripts that monitor my uwsgi application. Say that I write a decoder for a certain event that appears in the log, and that triggers a rule I wrote for it (using 'decoded_as'). How do I pass the entrie log line to my custom active response script, so that I can use the information in the logic of the script? FYI : I am using ossec and zabbix in conjunction, right now I detect and parse events with ossec real time log monitoring and send the information to zabbix trappers. Works wonderfully Decode the entire log message as <user>? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
