Yes, I think this is a Unicode issue, but when I use the agent on Windows there is
no such issue; it happens when I use Windows event->syslog.
Thanks & Best Regards
From: George Ehrhorn
Date: 2013-01-22 19:59
To: ossec-list
Subject: [ossec-list] Re: syslog analysis Garbage characters
Unicode issue? Sorry, I don't have any experience using this with foreign
language support.
-George
On Tuesday, January 22, 2013 2:10:13 AM UTC-5, root wrote:
Hi all,
this is my OSSEC mail alert:
OSSEC HIDS Notification.
2013 Jan 18 05:30:32
Received From: REC-01->/var/log/syslog
Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."
Portion of the log(s):
Jan 18 05:30:22 REC-01 Windows_Update_Agent: 17: 瀹��宸插�澶�ソ:
涓��瀹��宸茬�涓�浇锛��浠ュ�瑁��瑕��瑁��浜���帮����浠ョ����韬�唤�诲��版�璁$��猴��跺�Windows
灏��渚��涓�����绀� - Windows Server 2003 瀹���存�绋�� (KB2719985) - Windows Server
2003 瀹���存�绋�� (KB2724197) - Microsoft Security Essentials 瀹���存� �?KB2310138
(瀹�� 1.143.162.0) - Windows Server 2003 瀹���存�绋�� (KB2655992) - �ㄤ� Windows
Server 2003 �?Windows Server 2003 R2 x86 涓�� Microsoft .NET Framework 1.1 SP1
����ㄦ��扮�搴?(KB2742604) - Windows Server 2003 瀹���存�绋�� (KB2758857) - Windows
Server 2003 瀹���存�绋�� (KB2753842) - Windows Server 2003 瀹���存�绋�� (KB2705219) -
Windows Server 2003 瀹���存�绋�� (KB2691442) - Windows XP �?Windows Server 2003
����扮�搴?(KB2798897) - Windows Server 2003 �存�绋�� (KB2749655) - Windows Server
2003 �存�绋�� (KB2748349) - Windows Server 2003 瀹���存�绋�� (KB27275<29>Jan 18
05:30:22 REC-01 Windows_Update_Agent: 17: 安装已准备好:
下列安装已经下载,可以安装。要安装这些更新,需要以管理员身份登录到此计算机,然后 Windows 将提供进一步的提示: - Windows Server
2003 安全更新程序 (KB2719985) - Windows Ser
--END OF NOTIFICATION
As you can see, there are garbage characters in the log.
My setup is:
rsyslog -> OSSEC server /var/logs/syslog -> OSSEC analyzes the local syslog -> mail alert
When I tail /var/logs/syslog, there are no garbage characters.
I want to ask why the OSSEC mail alert has garbage characters?
Thanks & Best Regards