On Feb 27, 2013 7:27 AM, "root" <[email protected]> wrote:
>
> hi,all
>
> now, i write the decoder like this
>
> <decoder name="rsyslog">
> <prematch>^(.*)\s+rsyslogd-pstats:\s+(.*)</prematch>

This looks like an attempt at regex. I think the syntax is off, but I can't be sure without a sample.

> <order>extra_data</order>

You need a <regex>.

> </decoder>
>
> but when i restart the ossec
>
> 2013/02/27 20:04:21 ossec-analysisd(2107): ERROR: Decoder configuration error: 'rsyslog'.
> 2013/02/27 20:04:21 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting.
>
> how can i do what?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
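
A decoder shape that pairs `<order>` with a `<regex>`, as the reply above asks for. This is an added example, not code from the thread or from the OSSEC project. It assumes the events arrive with a standard syslog header, so OSSEC's pre-decoding has already extracted `rsyslogd-pstats` as the program name; the sample log line and both decoder names are constructed for illustration.

```xml
<!--
  Constructed sample line (assumption, not taken from the thread):
    Feb 27 20:04:21 host1 rsyslogd-pstats: imuxsock: submitted=12 ratelimit.discarded=0

  After pre-decoding, the text handed to the decoders is the part
  following "rsyslogd-pstats: ".
-->

<!-- Parent: selects the events by program name, extracts nothing. -->
<decoder name="rsyslog-pstats">
  <program_name>^rsyslogd-pstats$</program_name>
</decoder>

<!--
  Child: every field named in <order> needs a capture group in <regex>.
  In OSSEC's regex dialect "\." matches any character, so "(\.+)$"
  captures the remainder of the message into extra_data.
-->
<decoder name="rsyslog-pstats-data">
  <parent>rsyslog-pstats</parent>
  <regex>^(\.+)$</regex>
  <order>extra_data</order>
</decoder>
```

Pasting a real log line into `ossec-logtest` shows which decoder matched and what was extracted, before OSSEC is restarted.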
