119443-00001: P10500079pdfdoc0375.zip 0424-1 05-00079 pdfdoc
FAILED: -351
From the log will come up as my 'parent' rule.
**Phase 3: Completed filtering (rules).
Rule id: '100002'
Level: '4'
Description: 'BATCH FAILED: error generated '
**Alert to be generated.
(RULES local_rules.xml)
<group name="bnc3prod">
  <rule id="100002" level="4">
    <decoded_as>bnc3prod</decoded_as>
    <description>BATCH FAILED: error generated </description>
  </rule>
  <rule id="100052" level="10">
    <if_sid>100002</if_sid>
    <status>FAILED</status>
    <match>351</match>
    <description>FAILED 351: PDF error</description>
  </rule>
</group>
But I think it is failing at the <status></status>.
Also it is my mistake for assuming all error logs had the same format.
FAILED 301 outputs this in reduce.%m%d
119442-00001: P21129970pdf0080267.zip 0420-3
(P21129970pdf0080267.zip) FAILED: -301
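A simplified model of the rule chain in this message, added here as an example; it is not part of the original post and not OSSEC code. It shows that a `<status>` condition is compared with the field the decoder extracted, while `<match>` is tested against the log text, so the child rule fires only when the decoder populates `status`. Assumptions: each of the two quoted layouts arrives as one line, and the decoder regex, rule 100053 and all function names are hypothetical.

```python
import re

# Constructed sample events: the two layouts quoted in the post, each joined on one line.
LOG_351 = "119443-00001: P10500079pdfdoc0375.zip 0424-1 05-00079 pdfdoc FAILED: -351"
LOG_301 = "119442-00001: P21129970pdf0080267.zip 0420-3 (P21129970pdf0080267.zip) FAILED: -301"

# Hypothetical decoder regex: captures the status word and the error code,
# tolerating the optional "(file.zip)" token seen in the 301 layout.
FIELDS = re.compile(r"(?:\(\S+\)\s+)?(?P<status>FAILED): -(?P<id>\d+)\s*$")

def decode(log, extract_fields=True):
    """Model of a decoder named bnc3prod; fields exist only if it extracts them."""
    event = {"decoded_as": "bnc3prod", "log": log}
    m = FIELDS.search(log) if extract_fields else None
    if m:
        event.update(m.groupdict())
    return event

# The two rules from the post, plus a hypothetical 100053 for the 301 layout.
RULES = [
    {"id": 100002, "level": 4, "decoded_as": "bnc3prod"},
    {"id": 100052, "level": 10, "if_sid": 100002, "status": "FAILED", "match": "351"},
    {"id": 100053, "level": 10, "if_sid": 100002, "status": "FAILED", "match": "301"},
]

def rule_hits(rule, event, fired):
    """Apply one rule's conditions; every condition present must hold."""
    if "if_sid" in rule and rule["if_sid"] not in fired:
        return False
    if "decoded_as" in rule and rule["decoded_as"] != event["decoded_as"]:
        return False
    # <status> is tested against the decoded field, never against the raw log.
    if "status" in rule and rule["status"] not in event.get("status", ""):
        return False
    # <match> is a substring test on the log text itself.
    return "match" not in rule or rule["match"] in event["log"]

def evaluate(event):
    """Return the id of the deepest rule that fires, parents evaluated first."""
    fired = []
    for rule in RULES:
        if rule_hits(rule, event, fired):
            fired.append(rule["id"])
    return fired[-1] if fired else None
```

A bare `351` in `<match>` is a substring test, so it can also hit digits inside a file name; matching on `FAILED: -351` is tighter.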