On Fri, May 16, 2014 at 6:29 PM, Ashok <[email protected]> wrote:
> my log sample is
>
> Sat May 17 02:52:17 2014 top_pro: 1.3 11.3 /usr/lib/firefox/firefox
>

The timestamp is funky, and apparently not currently supported by ossec.

> <decoder name="top_pro">
> <program_name>^top_pro</program_name>
> </decoder>
>
>
> When I run ossec-logtest, it's not detecting..
>
> On Saturday, May 17, 2014 3:39:12 AM UTC+5:30, Ashok wrote:
>>
>> The documents say we need to add decoder in local_decoder.xml. but only
>> decoder.xml file is present inside /ossec/etc
>>
>> I install local ossec. Should I edit decoder.xml.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
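
Added example, not part of the original thread and not OSSEC code: a filter that rewrites the asctime-style prefix of the sample line into a syslog-style header (`Mon DD HH:MM:SS host program: message`), the layout from which OSSEC's pre-decoding extracts the program name that `<program_name>` matches against. The function name `to_syslog` and the `localhost` hostname are assumptions; the second sample line is constructed.

```python
import re
import sys
from datetime import datetime

# asctime()-style prefix as in the thread's sample:
#   "Sat May 17 02:52:17 2014 top_pro: 1.3 11.3 /usr/lib/firefox/firefox"
ASCTIME_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<prog>[\w./-]+): (?P<msg>.*)$"
)


def to_syslog(line, hostname="localhost"):
    """Return the line with a syslog-style header, or unchanged if it
    does not start with a valid asctime-style timestamp."""
    line = line.rstrip("\n")
    m = ASCTIME_LINE.match(line)
    if m is None:
        return line  # already syslog-style or some other format
    try:
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return line  # looks like a timestamp but is not a real date
    # Syslog headers drop the weekday and year and space-pad the day.
    stamp = "%s %2d %s" % (ts.strftime("%b"), ts.day, ts.strftime("%H:%M:%S"))
    return "%s %s %s: %s" % (stamp, hostname, m.group("prog"), m.group("msg"))


if __name__ == "__main__":
    # Use as a pipe: producer | python this_script.py >> monitored.log
    for raw in sys.stdin:
        print(to_syslog(raw))
```

The rewritten line can be pasted into ossec-logtest to confirm that the `top_pro` decoder from the thread now matches.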
