Sorry, the look and feel of the OSSEC site looks really similar to our internal WordPress wiki site. I just saw a large block of commented text in decoders.xml:

<!--
   - Allowed fields:
   - location - where the log came from (only on FTS)
   - srcuser - extracts the source username
   - dstuser - extracts the destination (target) username
   - user - an alias to dstuser (only one of the two can be used)
   - srcip - source ip
   - dstip - dst ip
   - srcport - source port
   - dstport - destination port
   - protocol - protocol
   - id - event id
   - url - url of the event
   - action - event action (deny, drop, accept, etc)
   - status - event status (success, failure, etc)
   - extra_data - Any extra data
  -->

My comment coloring for whatever reason on CentOS is deep blue which doesn't show up well in our bright office. I've got to change that.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
Sent: Wednesday, August 14, 2013 10:33 AM
To: [email protected]
Subject: Re: [ossec-list] Complete list of order attributes for decoder?

On Wed, Aug 14, 2013 at 10:29 AM, Nathaniel Bentzinger <[email protected]> wrote:
> I'm writing up a decoder for dotdefender on windows and I noticed that
> I can't seem to grab anything I want in the decoder's <order> field
> unless I use the ones I'm finding in the decoder.xml file. What's the
> complete list of order attributes? I'm not finding anything on the wiki.
>

That's good, there is no wiki. I feel like this has been brought up before, and I haven't gotten around to looking at the code to find out. If you do it, let us know. :)

>
>
> Thanks
>
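Added example, not part of the original thread and not OSSEC project code: a small checker that compares the names in each decoder's <order> against the "Allowed fields" comment quoted above, including its two caveats (location is marked FTS-only, user is an alias of dstuser). The decoder names, regexes and log layout in SAMPLE are constructed, and the script assumes the decoder file parses as XML once wrapped in a root element.

```python
import xml.etree.ElementTree as ET

# Field names copied from the "Allowed fields" comment quoted in this thread.
ALLOWED = {"location", "srcuser", "dstuser", "user", "srcip", "dstip",
           "srcport", "dstport", "protocol", "id", "url", "action",
           "status", "extra_data"}
FTS_ONLY = {"location"}  # the comment marks this one "only on FTS"

# Constructed sample: decoder names, regexes and log layout are hypothetical.
SAMPLE = r"""
<decoder name="dotdefender-example">
  <program_name>^dotDefender</program_name>
</decoder>
<decoder name="dotdefender-example-alert">
  <parent>dotdefender-example</parent>
  <regex>^src=(\S+) rule=(\S+) uri=(\S+)</regex>
  <order>srcip, rule_name, url</order>
</decoder>
<decoder name="dotdefender-example-login">
  <parent>dotdefender-example</parent>
  <regex>^login (\S+) as (\S+) from (\S+)</regex>
  <order>user, dstuser, location</order>
</decoder>
"""

def check_order_fields(xml_text):
    """Return (decoder_name, problem) tuples for every suspicious <order>."""
    # Decoder files hold several top-level elements, so wrap them in a root.
    root = ET.fromstring("<root>" + xml_text + "</root>")
    problems = []
    for dec in root.iter("decoder"):
        name = dec.get("name", "?")
        for order in dec.findall("order"):
            fields = [f.strip() for f in (order.text or "").split(",") if f.strip()]
            for f in fields:
                if f not in ALLOWED:
                    problems.append((name, f"unknown order field '{f}'"))
                elif f in FTS_ONLY:
                    problems.append((name, f"'{f}' is listed as FTS-only"))
            if "user" in fields and "dstuser" in fields:
                problems.append((name, "'user' is an alias of 'dstuser'"))
    return problems

if __name__ == "__main__":
    for name, problem in check_order_fields(SAMPLE):
        print(f"{name}: {problem}")
```

The ALLOWED set reflects only the comment quoted in this thread; regenerate it from the decoders.xml shipped with the installed version before relying on the result.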
