Hi Andrew,
You may get a lot of useless messages, but just create a local rule like that:

  <rule id="100001" level="1">
    <description>Non-parsed message...</description>
  </rule>

And everything that is not parsed by others will go into this one.

When you write your decoders/rules, please share them with us!

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 4/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I would like to get a notice if there is a log message that the ossec does not understand. For example, if I run

  bash$ logger "something ossec does not know about"

I would like to get an alert about it so that I can write a decoder / rule for the message. Is there a good way to do that?
