>
> It doesn't work, a real shame... It will only work if you don't have spaces
> in your log line.
>
This is really really really annoying lol... all that is needed is to
wrap with ' ' the argument (log line with spaces and all sorts of
characters) when you pass it to the active response
ccepts *user* and *srcip* as arguments. So, you
> need to create a decoder to extract the log as user or srcip. I'm not sure
> if this regex will work: "^(\.+)$".
>
> I hope it helps.
>
> On Sunday, June 25, 2017 at 7:06:31 PM UTC+2, dan (ddpbsd) wrote:
>>
Hello,
I am writing decoders, rules and scripts that monitor my uwsgi application.
Say that I write a decoder for a certain event that appears in the log, and
that triggers a rule I wrote for it (using 'decoded_as').
How do I pass the entire log line to my custom active response script, so
Hello all,
It appears the latest version of OSSEC requires glibc 2.14. Are there any
versions that require a lower version, specifically 2.12? I am running
CentOS 6 so this is posing an issue.
Thanks.
--
---
Can someone give an example of someone in large retail that is successfully
using OSSEC? We are looking at solutions for our company of over 50
stores, but I'd like to know that someone else has already tried this in a
large environment. Can anyone share links or examples?
Thanks!
--
---
Hello,
We are looking to test this in our enterprise environment. Are there any
examples or any references to this being used on point of sale devices
within large size companies?
--
---
You received this message because you are subscribed to the Google Groups
ossec-list group.
Thank you guys. I've been through everything I could find, but still no
solution.
I used tcpdump, and there is nothing being sent from client to server when I
access the website with a SQL Injection request.
The client (windows) log shows that the right file is being accessed and
scanned with no