>What data are you trying to shove into variables? That's what your regex will be concerned with.
I just want to echo the 'Attempt number', the server name, and the fact that the socket/connection was not made. What would the difference between after_regex and after_prematch be? Is after_prematch displaying the log information after the prematch? For example, I have to match the information post ::\S+:\S+\S+ using the variables, or can I manipulate how the log is displayed with my own variables and using <order>? I have no idea what after_regex does. I think once I understand those two I can start to play around and figure things out on my own more.
