On 09/20/2013 05:20 AM, Michel Käser wrote:
> Suggestions
> -----------
> 1. Daily/weekly/monthly reports

You mean like this? http://www.ossec.net/doc/programs/ossec-reportd.html

> 2. Log file name/location for decoder
> I'm not very sure if this is really needed. I however have some very
> generic log files that don't contain any app/system name etc. - just the
> plain information.
> Having a lot of these logs may/can lead to decoder problems (e.g. the
> decoder has to be very generic too and it will become hard to write ones
> that still extract the right information).
> Example: In decoder definition, allow
> <log_file>/var/log/auth.log</log_file> so the decoder only is activated
> if the message is from given log file.

I'm not sure how this could be accomplished since analysisd doesn't
really know where the log came from. It just sees a log line and parses it.

> 4. A public issue tracker
> As "jrossi" mentioned on IRC (if I interpreted right) he's thinking
> about how to grow the OSSEC (developer) community. Well - personally I
> guess a public issue tracker could help.

JB is the current maintainer, so the official place to submit bugs is
here: https://bitbucket.org/jbcheng/ossec-hids/issues?status=new&status=open