Want to decode this log message:
{"app":"OCP\\Share","message":"Sharing backend
OCA\\Contacts\\Share\\Addressbook not registered,
OCA\\Contacts\\Share\\Addressbook is already registered for
addressbook","level":2,"time":"2014-01-23T17:59:34+00:00"}
My ossec.conf file:
<ossec_config>
<localfile>
<log_format>syslog</log_format>
<location>/var/www/path-to-owncloud/data/owncloud.log</location>
</localfile>
</ossec_config>
And the local_decoder.xml file:
<decoder name="owncloud">
<program_name></program_name>
<prematch>^{"app":[^}]*}</prematch>
</decoder>
Response from ossec-logtest:
**Phase 1: Completed pre-decoding.
full event: '{"app":"OCP\\Share","message":"Sharing backend
OCA\\Contacts\\Share\\Addressbook not registered,
OCA\\Contacts\\Share\\Addressbook is already registered for
addressbook","level":2,"time":"2014-01-23T17:59:34+00:00"}'
hostname: 'cloud'
program_name: '(null)'
log: '{"app":"OCP\\Share","message":"Sharing backend
OCA\\Contacts\\Share\\Addressbook not registered,
OCA\\Contacts\\Share\\Addressbook is already registered for
addressbook","level":2,"time":"2014-01-23T17:59:34+00:00"}'
**Phase 2: Completed decoding.
No decoder matched.
Could you please point me in the right direction? How do I get the decoder
matching my log message? I tried many combinations of program_name and
prematch nothing did work.
greetings
Sunny
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
