On Fri, Feb 28, 2014 at 7:32 AM, C. L. Martinez <[email protected]> wrote:
> On Fri, Feb 28, 2014 at 11:31 AM, dan (ddp) <[email protected]> wrote:
>>
>> On Feb 28, 2014 6:27 AM, "C. L. Martinez" <[email protected]> wrote:
>>>
>>> Hi all,
>>>
>>> Does anybody know which Bro-IDS version the rules provided by
>>> OSSEC are for: 2.1 or 2.2? I am trying to test with Bro-IDS 2.2 and
>>> they don't seem to work ...
>>>
>>> On the other hand, maybe I am doing the wrong tests, but which Bro
>>> IDS log files are they for?
>>>
>>
>> 1.4 or 1.6?
>>
>
> Sorry, my OSSEC host is 2.7.1 and my Bro IDS is 2.2... Dan, do you
> mean that the rules and decoder in OSSEC 2.7.1 are only for Bro IDS
> versions 1.4 or 1.6?
>
Yes, they were for bro-ids 1.4 or 1.6, I can't remember for sure. They were experiments that never panned out. At the time it seemed like bro's logging was as bad as its documentation.

I'm submitting a pull request to have the decoders/rules removed since they didn't really do anything. Please feel free to contribute more up-to-date versions.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
