Dan,

I was cleaning up some of my bookmarks and came across the following URL:
http://www.mail-archive.com/[email protected]/msg02722.html

It appears that "<use_own_name>" will ensure that the child decoder name is used, rather than the parent. I haven't tried it out yet, but coming from dcid I assume it works!

On Apr 8, 2013, at 11:12 AM, dan (ddp) <[email protected]> wrote:

> On Mon, Apr 8, 2013 at 11:09 AM, Chris Decker <[email protected]> wrote:
>> All,
>>
>> I have a decoder, and then a 'sub-decoder' that refers to the parent. I'd
>> like to have OSSEC report the 'sub-decoder's name rather than the parent's.
>> I recall seeing something about this on the distro list awhile back but
>> can't locate it. I also couldn't find any mention of it on the Decoders
>> Syntax help documentation.
>>
>> Can someone help me out?
>>
>
> I think you'll have to modify the source.
>
>> Thanks,
>> Chris
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/groups/opt_out.
