On Thu, Jul 6, 2017 at 9:52 PM, Ian Brown wrote:
> Dan,
>
> Apparently it isn't compatible:
>
> ../bin/ossec-logtest -v
> 2017/07/07 01:50:33 ossec-analysisd: Invalid element 'accumulate' for
> decoder 'decoder'
> 2017/07/07 01:50:33 ossec-testrule(1202): ERROR: Configuration
Dan,
Apparently it isn't compatible:
../bin/ossec-logtest -v
2017/07/07 01:50:33 ossec-analysisd: Invalid element 'accumulate' for
decoder 'decoder'
2017/07/07 01:50:33 ossec-testrule(1202): ERROR: Configuration error at
'/etc/decoder.xml'. Exiting.
On 7/6/2017 6:48 PM, dan (ddp) wrote:
On Thu, Jul 6, 2017 at 9:08 PM, Ian Brown wrote:
> Dan,
>
> It's what comes in SecurityOnion's latest iso (securityonion-14.04.5.2.iso).
>
> ./ossec-logtest -V
>
> OSSEC HIDS v2.8 - Trend Micro Inc.
>
> This program is free software; you can redistribute it and/or modify
> it
On Wed, Jul 5, 2017 at 10:41 PM, Ian Brown wrote:
> Dan,
>
> All my regex experience comes from Perl. It's clear this regex does things
> a bit differently than how I expected. In Perl \.+ means only match 1 or
> more periods.
>
> Another difference I've discovered is that
On Wed, Jul 5, 2017 at 10:26 PM, Ian Brown wrote:
> Dan, that matches for the source and destination IP addresses, but if I
> understand logtest's "Phase 2" output correctly, using those additional
> decoders drops all the other things that the original windows decoder found:
Thanks for quick response.
Server has running apache, I restarted apache it show log that it monitors
all apache config and I connect with my browser and made multiple 404 error
codes from same server. Default log level is 7 for ossec. OSSEC exact
configuration like below and my server hosts
On Jul 6, 2017 4:38 PM, "Kazim Koybasi" wrote:
I added config below to etc/shared/agent.conf in ossec-server home
directory but there are no alerts in server. What could I need with this
configuration?
apache
/var/log/httpd/site/site_log