Could you please help me here?
On Thursday, 11 April 2019 17:17:04 UTC+5, Abid Raza wrote:
>
> Hi,
>
> I can see the keys in the client.keys file. Could you please let me know
> the steps to check the OSSEC Traffic you mentioned in your last email?
>
> On Tuesday, 9 April 2019 17:19:35 UTC+5,
On Thu, Apr 11, 2019 at 8:17 AM Abid Raza
wrote:
>
> Hi,
>
> I can see the keys in the client.keys file. Could you please let me know the
> steps to check the OSSEC Traffic you mentioned in your last email?
>
Replace INTERFACE with the name of your network interface.
`sudo tcpdump -nni INTERFACE`
Hey Wayne,
Your understanding is correct; however, in version 3.3.x (currently available
in master) there has been the addition of dynamic decoders, which will allow
you to create whatever key-value pairs you want. There should be a new release in
the coming weeks, but I am not 100% on when specifically it
On Fri, Apr 12, 2019 at 2:56 PM Zack Vanderbilt
wrote:
> Hey Wayne,
>
> Your understanding is correct however in version 3.3.x (currently
> available in master) there has been the addition of dynamic decoders which
> will allow you to create whatever key value pairs you want. Should be a new
I was looking at doing this as well. The main thing holding me back is the
limited fields that can be extracted. My current understanding is that the
OSSEC decoder's field extraction is limited to the following fields:
location - where the log came from (only on FTS)
srcuser -