Hi Abey,

The pre decoders are very simple and we only use them for very common log formats, like syslog, apache, squid, etc. Look at src/analysisd/cleanevent.c to see how we do them.

Can you share what log you are trying to parse? Maybe a pre decoder isn't needed and you can use just the xml (way easier).

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Tue, Jan 5, 2010 at 7:33 AM, Abey <[email protected]> wrote:
> Hi,
>
> I was wondering if it is possible to define custom predecoders in
> ossec?
>
> I also have decoders and rule matching working ok on syslog. But I
> have another log file which has format different from syslog and would
> need to do predecoding before the decoding.
>
>
> Thanks
> Abey
>
