Yes, reduce.0630 would be uploaded today on 1st of July. So it is a day behind/old.
Okay I will add the conf suggestions. Dan would you mind error-checking the decoder I wrote? I think I may have done it wrong. Typically a reduce.%m%d file will contain several hundred of these: 119445-00025: P31128449pdf9030215.zip 0312-3 11-28449 pdf903 FAILED: -351 If there is an error, there will be a FAILED: (301-351) after. The first numerical number where the line starts is always changing, as well as the zip file and all numbers. The only thing that is static is 'FAILED: '. Here is the decoder I wrote and I can't seem to figure out how to address it (not in manual). <decoder name=”bnc-decoder”> <prematch>^\d+ \s+ \w+ \s+ \d+ \s+ \d+ \w+ \s+ \d+</prematch> <regex offset=”after_prematch”>[(\w+)] FAILED (\d+)</regex> </decoder> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
