I have been looking at doing something similar. Is it possible to send only part of the decoded message? I have a decoder built to parse through a log file and would like to send the alert description and the extra data field if possible.
Is this possible without a large amount of code change? If not, then it is not a concern and I can deal with the data I am receiving at this time.

Thanks,

Patrick Tomblin
Infrastructure Support Specialist
Frisch's Restaurants Inc.
"Tell me and I'll forget, Show me and I may remember, Involve me and I will understand" Author Unknown

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Cid
Sent: Friday, March 30, 2012 12:00 PM
To: [email protected]
Subject: Re: [ossec-list] Sending description to third party device

Not without code changes. You would have to modify the file src/os_csyslogd/alert.c to remove the log[0] from the final message.

Thanks,

--
Daniel B. Cid
http://dcid.me

On Fri, Mar 30, 2012 at 11:09 AM, C. L. Martinez <[email protected]> wrote:
> Hi all,
>
> I have configured an ossec server to forward data to a third party
> device via syslog. But instead of forwarding all log data I would like to
> forward only the alert description. Is it possible to do this with
> ossec?
>
> Thanks.
