On Feb 27, 2013 7:38 AM, "R0me0 ***" <[email protected]> wrote: > > Use syslog instead "rsyslog" >
You are confused. > > 2013/2/27 root <[email protected]> >> >> hi,all >> >> now, i write the decoder like this >> >> <decoder name="rsyslog"> >> <prematch>^(.*)\s+rsyslogd-pstats:\s+(.*)</prematch> >> <order>extra_data</order> >> </decoder> >> >> but when i restart the ossec >> >> 2013/02/27 20:04:21 ossec-analysisd(2107): ERROR: Decoder configuration error: 'rsyslog'. >> 2013/02/27 20:04:21 ossec-testrule(1202): ERROR: Configuration error at '/etc/decoder.xml'. Exiting. >> >> how can i do what? >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
