Here are the results. It said the decoder did not match and it picked up another
rule? Not sure where I'm going wrong with this one:
ossec-testrule: Type one log per line.
119473-00001: P10500079pdfdoc0375.zip 0424-1 05-00079 pdfdoc FAILED: -351
**Phase 1: Completed pre-decoding.
full event: '119473-00001: P10500079pdfdoc0375.zip 0424-1 05-00079 pdfdoc FAILED: -351'
hostname: 'reston-cacti'
program_name: '(null)'
log: '119473-00001: P10500079pdfdoc0375.zip 0424-1 05-00079 pdfdoc FAILED: -351'
**Phase 2: Completed decoding.
No decoder matched.
Trying rule: 100002 - BATCH FAILED: error generated (This is the rule I made)
*Rule 1002 matched.
*Trying child rules.
Trying rule: 1009 - Ignoring known false positives on rule 1002..
**Phase 3: Completed filtering (rules).
Rule id: '1002'
Level: '2'
Description: 'Unknown problem somewhere in the system.'
**Alert to be generated.