hi,all now, i write the decoder like this
<decoder name="rsyslog"> <prematch>^(.*)\s+rsyslogd-pstats:\s+(.*)</prematch> <order>extra_data</order> </decoder> but when i restart the ossec 2013/02/27 20:04:21 ossec-analysisd(2107): ERROR: Decoder configuration error: 'rsyslog'. 2013/02/27 20:04:21 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting. how can i do what? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
