On Wed, Aug 14, 2013 at 10:41 AM, Nathaniel Bentzinger <[email protected]> wrote:
> Sorry, the look and feel of the OSSEC site looks really similar to our
> internal WordPress wiki site. I just saw a large block of commented text in
> decoders.xml:
>

I believe the main site is WordPress.

> <!--
>   - Allowed fields:
>   - location - where the log came from (only on FTS)
>   - srcuser  - extracts the source username
>   - dstuser  - extracts the destination (target) username
>   - user     - an alias to dstuser (only one of the two can be used)
>   - srcip    - source ip
>   - dstip    - dst ip
>   - srcport  - source port
>   - dstport  - destination port
>   - protocol - protocol
>   - id       - event id
>   - url      - url of the event
>   - action   - event action (deny, drop, accept, etc)
>   - status   - event status (success, failure, etc)
>   - extra_data     - Any extra data
>   -->
>
> My comment coloring for whatever reason on CentOS is deep blue which doesn't
> show up well in our bright office. I've got to change that.
>

The default colors in Linux terminals are horrible. I don't know why people put up with that.

I'll go ahead and toss this into the documentation, thanks

>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of dan (ddp)
> Sent: Wednesday, August 14, 2013 10:33 AM
> To: [email protected]
> Subject: Re: [ossec-list] Complete list of order attributes for decoder?
>
> On Wed, Aug 14, 2013 at 10:29 AM, Nathaniel Bentzinger
> <[email protected]> wrote:
>> I'm writing up a decoder for dotdefender on windows and I noticed that
>> I can't seem to grab anything I want in the decoder's <order> field
>> unless I use the ones I'm finding in the decoder.xml file. What's the
>> complete list of order attributes? I'm not finding anything on the wiki.
>>
>
> That's good, there is no wiki.
>
> I feel like this has been brought up before, and I haven't gotten around to
> looking at the code to find out. If you do it, let us know.
> :)
>
>>
>> Thanks
>>

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
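Added example (not part of the original thread and not OSSEC code): a small Python check that compares each decoder's `<order>` fields with the allowed list in the decoders.xml comment quoted above, so an unsupported field name is caught before the decoder is loaded. The dotdefender decoder names, the log layout and the `rule_category` field are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Field names copied from the decoders.xml comment quoted in this thread.
ALLOWED_FIELDS = {
    "location", "srcuser", "dstuser", "user", "srcip", "dstip", "srcport",
    "dstport", "protocol", "id", "url", "action", "status", "extra_data",
}

# Constructed sample: decoder names, log layout and "rule_category" are invented.
SAMPLE = r"""
<decoder name="dotdefender">
  <program_name>^dotDefender</program_name>
</decoder>
<decoder name="dotdefender-alert">
  <parent>dotdefender</parent>
  <regex>ip=(\S+) rule=(\S+) uri=(\S+)</regex>
  <order>srcip, rule_category, url</order>
</decoder>
<decoder name="dotdefender-login">
  <parent>dotdefender</parent>
  <regex>user=(\S+) target=(\S+)</regex>
  <order>user, dstuser</order>
</decoder>
"""

def lint_decoders(xml_text):
    """Return (decoder_name, problem) pairs for every suspicious <order>."""
    # A decoder file holds several top-level <decoder> elements, so wrap them
    # in a synthetic root before parsing (assumes no XML declaration line).
    root = ET.fromstring("<root>" + xml_text + "</root>")
    problems = []
    for decoder in root.iter("decoder"):
        name = decoder.get("name", "?")
        for order in decoder.iter("order"):
            fields = [f.strip() for f in (order.text or "").split(",") if f.strip()]
            for field in fields:
                if field not in ALLOWED_FIELDS:
                    problems.append((name, "unknown field: " + field))
            # The comment says user is an alias to dstuser and only one may be used.
            if "user" in fields and "dstuser" in fields:
                problems.append((name, "user is an alias of dstuser; use only one"))
            # The comment marks location as "only on FTS", so flag it in <order>.
            if "location" in fields:
                problems.append((name, "location is marked FTS-only"))
    return problems

if __name__ == "__main__":
    for name, problem in lint_decoders(SAMPLE):
        print(name + ": " + problem)
```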
