Use syslog instead "rsyslog"
2013/2/27 root <[email protected]> > ** ******** > hi,all > > now, i write the decoder like this > > <decoder name="rsyslog"> > <prematch>^(.*)\s+rsyslogd-pstats:\s+(.*)</prematch> > <order>extra_data</order> > </decoder> > > but when i restart the ossec > > > 2013/02/27 20:04:21 ossec-analysisd(2107): ERROR: Decoder configuration > error: 'rsyslog'. > > 2013/02/27 20:04:21 ossec-testrule(1202): ERROR: Configuration error at > '/etc/decoder.xml'. Exiting. > > how can i do what? > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
