Sorry, what I meant to say is, the error messages are not all formatted the same. The two clearest examples I can find are FAILED: 301 and FAILED: 351.

119441-00001: P21129970pdf0080267.zip 0970-2 11-29970 pdf008 FAILED: -351
119441-00001: P21129970pdf0080267.zip 0420-3 (P21129970pdf0080267.zip) FAILED: -301

There is an extra \S+ in 'FAILED: 301' where '(P211......zip)' resides before 'FAILED: -301'. What I was asking was how are you writing a decoder where it can address both different log messages?
