[ossec-list] Re: Help with decoder

2017-05-29 Thread RWagner
Hi Jesus, thanks for the help! I had tested this too, but I did not succeed. I tried putting vd=\.* and it did not work. I think there was some junk in the file.

[ossec-list] OSSEC exclude IP and prevent alert trigger

2017-05-29 Thread Fredrik Hilmersson
Hello, let me try to make myself understood. So I've got the part to ignore/exclude a specific IP to work, that's no problem. However, here's my issue/problem I'd like to solve. 7 cronjobIP Ignorning cronjobIP 1. Ignore specific IP which runs regular cronjobs and utilizes SSH (done). 2. The

[ossec-list] Re: Help with decoder

2017-05-29 Thread Jesus Linares
Hi, your prematch is wrong: - log: [...] vd=root logdesc [...] - prematch: [...] vd=*"*\.+*"* [...] Try this one: fortigate-firewall-v5 type=event subtype=vpn level= logdesc="\.+" msg="(\.+)" action=(\.*) remip=(\S+) locip=(\S+) \.*vpntunnel="(\.*)"