Hi Tom, Can you send some log samples to us? Our decoder looks for:
<decoder name="netscreenfw"> <program_name>^sav00|^ns5gt</program_name> <prematch>^NetScreen device_id</prematch> </decoder> Probably that's why it only works with ns5gt. However, we were told this would be present in all netscreen logs, so if that is different, let us know. Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 8/20/07, Tom Bicer <[EMAIL PROTECTED]> wrote: > I've been trying to get ossec work with netscreen logs. I'm unable to figure > out why only device name ns5gt works. > Replacing that name with any other valid device name in decoder.xml doesn't > produce any records in firewall.log > I also tried completely removing program_name and just leaving prematch, it > still doesn't produce any entries in firewall.log > I'd appreciate any suggestions anyone may have. > Tom >
