Greetings: I created a small number of sonicwall rules in /var/ossec/rules/ local_rules.xml
When I restarted ossec, it told me there was no "sonicwall" decoder. When I commented out the decoder section for "sonicwall" in /var/ossec/ etc/decoder.xml I was told there is an error in the sonicwall decoder. I was not sure how to fix the error, but wanted to pass this along. Thank you. P.S. I did privately email relevant sonicwall log info.
