Question, because not all of the logs will have (\S+), the (P##############.zip) as in error 301, is that why you put it in the regex offset? Or can the decoder not pick it up because it is in (\S+) or does it not even need to be stated in the prematch/offset?
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
