On 8/8/07, Daniel Cid <[EMAIL PROTECTED]> wrote:
> Please, don't use grok for that! From what I saw it is
> vulnerable to very simple log injection attacks (you
> need much more string regexes):
>
> http://www.ossec.net/en/attacking-loganalysis.html

Ack. Thanks for pointing that out.

Some attacks can be fixed with a slightly more complicated regex, but I'll have to crawl through the code some also and see how it parses the regex. (Or maybe just use ossec.)

Gee, and I have so much time, too...

- R.
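
The regex-strictness point discussed in this thread, as an added example that is not part of the original messages and is not grok's or OSSEC's own pattern set: a loose, unanchored pattern is compared with an anchored one on log lines where part of the text is chosen by the remote party. The sshd-style log format, both patterns, the function names and all addresses are constructed assumptions.

```python
import re

# Constructed sshd-style syslog lines (assumed format, not from the thread).
# 192.0.2.10 is text the remote party controls; 203.0.113.7 is the real peer.
GENUINE = ("Aug  8 10:15:01 host sshd[4321]: Failed password for invalid user "
           "bob from 203.0.113.7 port 51234 ssh2")
FORGED_USER = ("Aug  8 10:15:09 host sshd[4322]: Failed password for invalid user "
               "bob from 192.0.2.10 from 203.0.113.7 port 51240 ssh2")
OTHER_DAEMON = ("Aug  8 10:16:00 host webapp[99]: bad request: sshd[1]: "
                "Failed password for root from 192.0.2.10 port 22 ssh2")

# Loose: unanchored, stops at the first " from ", accepts any token as the IP.
LOOSE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

# Strict: anchored at both ends, program name pinned right after the host,
# greedy user field so the address is the last " from <ipv4> port N ssh2".
STRICT = re.compile(
    r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def loose_source_ip(line):
    """Source address as a loose rule would report it, or None."""
    m = LOOSE.search(line)
    return m.group(2) if m else None


def strict_source_ip(line):
    """Source address from the anchored rule, or None if the line is not sshd's."""
    m = STRICT.match(line)
    return m.group("ip") if m else None


if __name__ == "__main__":
    for line in (GENUINE, FORGED_USER, OTHER_DAEMON):
        print(f"loose={loose_source_ip(line)!s:<12} "
              f"strict={strict_source_ip(line)!s:<12} {line[16:60]}...")
```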