On Friday, November 23, 2012 7:20:44 AM UTC-6, dan (ddpbsd) wrote:
etc/local_decoder.xml:
decoder name=zabbix
prematch^Zabbix Server[\d+]: /prematch
/decoder
decoder name=zabbix-check-failed
parentzabbix/parent
regex offset=after_parentSending list of active checks to
On Tue, Nov 27, 2012 at 11:14 AM, Scott wa6...@gmail.com wrote:
On Friday, November 23, 2012 7:20:44 AM UTC-6, dan (ddpbsd) wrote:
etc/local_decoder.xml:
decoder name=zabbix
prematch^Zabbix Server[\d+]: /prematch
/decoder
decoder name=zabbix-check-failed
parentzabbix/parent
On Tue, Nov 20, 2012 at 5:38 PM, Scott wa6...@gmail.com wrote:
I should mention this is OSSEC 2.7
On Tuesday, November 20, 2012 4:35:31 PM UTC-6, Scott wrote:
Hi everyone,
Sorry to be on the list so much, but I've hit another block in my
understanding of ossec.
What am I doing wrong
I should mention this is OSSEC 2.7
On Tuesday, November 20, 2012 4:35:31 PM UTC-6, Scott wrote:
Hi everyone,
Sorry to be on the list so much, but I've hit another block in my
understanding of ossec.
What am I doing wrong here? The decoder seems to work, but the rule does
not match!
