On Wed, Feb 29, 2012 at 4:52 PM, Viktor Gazdag woodsp...@gmail.com wrote:
Hi!
I quickly made this decoder, and after that you can see the ossec-logtest
output! The interface is not there, I know. :/
I hope it is good for you or helps with something! :) If you have any questions,
feel free to ask!
It must be nice to have people do your work for you.
On Thu, Mar 1, 2012 at 3:06 AM, C. L. Martinez carlopm...@gmail.com wrote:
On Wed, Feb 29, 2012 at 4:52 PM, Viktor Gazdag woodsp...@gmail.com wrote:
Hi!
I quickly made this decoder, and after that you can see the ossec-logtest
output! The
On Thu, Mar 1, 2012 at 12:18 PM, dan (ddp) ddp...@gmail.com wrote:
It must be nice to have people do your work for you.
Sorry, but that is not my intention. I have been trying to resolve this
problem since this morning.
I'm not sure how it can match the decoder without matching everything.
Are you
Hi!
Here is the new decoder! This log file record is a little bit different,
that's why it didn't work. But with my new decoder, it works well with both
records! ;)
I write you a quick basic ossec decoder tutorial! If something isn't
good, I hope ddp will correct me!
First we have to give a name
On Thu, Mar 1, 2012 at 3:02 PM, Viktor Gazdag woodsp...@gmail.com wrote:
Hi!
Here is the new decoder! This log file record is a little bit different,
that's why it didn't work. But with my new decoder, it works well with both
records! ;)
I write you a quick basic ossec decoder tutorial! If
On Wed, Feb 29, 2012 at 11:58 AM, dan (ddp) ddp...@gmail.com wrote:
On Wed, Feb 29, 2012 at 5:05 AM, C. L. Martinez carlopm...@gmail.com wrote:
On Tue, Feb 28, 2012 at 3:27 PM, C. L. Martinez carlopm...@gmail.com wrote:
Hi all,
Am I wrong, or are there no rules and decoder to process
I am trying to write this decoder, without luck. My sample log:
Number Date Time Interface Origin Type Action Service
Source Port Source Destination Protocol Rule Rule Name
Current Rule Number User Information Product Source Machine
Name Source User Name
2 26Feb2012 23:58:58 Lan2 CHCKPNT1
On Wed, Feb 29, 2012 at 12:40 PM, C. L. Martinez carlopm...@gmail.com wrote:
I am trying to write this decoder, without luck. My sample log:
Number Date Time Interface Origin Type Action Service
Source Port Source Destination Protocol Rule Rule Name
Current Rule Number User Information
Hi!
I quickly made this decoder, and after that you can see the ossec-logtest
output! The interface is not there, I know. :/
I hope it is good for you or helps with something! :) If you have any questions,
feel free to ask!
<decoder name="custom_checkpoint">
  <prematch>\d+ \d+\w+\d+ \d+:\d+:\d+ (\S+)