I've read here
(http://ossec-docs.readthedocs.org/en/latest/formats/json.html) in the
documentation that we have a JSON format for alerts.
But what does it refer to?
Can we have the standard alerts (in /var/ossec/logs/alert/alert.log) in JSON
format, or does it refer to the output sent via syslog?
I have this doubt because when I compare the JSON format in the documentation
with the one in my syslog system's output, they differ.
Indeed, I have this kind of format (grabbed from a UDP socket):
192.168.150.3:39957 - <132>Nov 6 17:11:11 linux-ji1g ossec:
  {"crit":3,
   "id":5501,
   "component":"linux-ji1g->/var/log/messages",
   "classification":"pam,syslog,authentication_success,",
   "description":"Login session opened.",
   "message":"2014-11-06T17:11:10.674152+01:00 linux-ji1g su: pam_unix(su:session): session opened for user root by suseserver(uid=0)"}
And the fields are different from what the documentation says.
Thanks for any clarification.
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
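As an added example, not part of the original post and not OSSEC's own code, here is a small parser for the line format quoted above: a syslog message whose body is the JSON alert. It assumes the field names exactly as they appear in the quoted line (crit, id, component, classification, description, message), that the "IP:port - " prefix comes from the poster's UDP capture tool rather than from syslog, and that the <132> PRI follows the usual facility*8+severity encoding. The second alert line and the non-JSON line in the sample are constructed to exercise the filter and the skip path; they are not captured output.

```python
import json
import re

# Constructed sample lines modelled on the one quoted in the post; they are
# not captured from a real OSSEC server. The leading "IP:port - " prefix is
# what the poster's UDP capture tool prepends, not part of the syslog message.
SAMPLE_LINES = [
    '192.168.150.3:39957 - <132>Nov  6 17:11:11 linux-ji1g ossec: '
    '{"crit":3,"id":5501,"component":"linux-ji1g->/var/log/messages",'
    '"classification":"pam,syslog,authentication_success,",'
    '"description":"Login session opened.",'
    '"message":"2014-11-06T17:11:10.674152+01:00 linux-ji1g su: '
    'pam_unix(su:session): session opened for user root by suseserver(uid=0)"}',
    # Second alert, constructed (hypothetical rule data, higher level).
    '192.168.150.3:39957 - <132>Nov  6 17:12:02 linux-ji1g ossec: '
    '{"crit":5,"id":5716,"component":"linux-ji1g->/var/log/messages",'
    '"classification":"syslog,sshd,authentication_failed,",'
    '"description":"SSHD authentication failed.",'
    '"message":"2014-11-06T17:12:01.000000+01:00 linux-ji1g sshd[2142]: '
    'Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2"}',
    # Constructed non-JSON body; the parser must skip it rather than crash.
    '192.168.150.3:39957 - <132>Nov  6 17:12:30 linux-ji1g ossec: '
    'Alert Level: 3; Rule: 5501 - Login session opened.',
]

SYSLOG_RE = re.compile(
    r'^(?:(?P<peer>\S+) - )?'                               # optional capture-tool prefix
    r'<(?P<pri>\d+)>'                                        # PRI = facility*8 + severity
    r'(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) '    # BSD syslog timestamp
    r'(?P<host>\S+) '
    r'(?P<tag>[^:\s]+): '                                    # "ossec"
    r'(?P<payload>.*)$'
)


def parse_ossec_syslog_alert(line):
    """Return a flat dict for one OSSEC JSON-over-syslog alert, or None when the
    line is not one (does not match the syslog shape, or the body is not JSON)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    payload = m.group('payload').strip()
    if not payload.startswith('{'):
        return None
    try:
        alert = json.loads(payload)
    except json.JSONDecodeError:
        return None
    facility, severity = divmod(int(m.group('pri')), 8)
    # "classification" is a comma-separated rule-group list with a trailing
    # comma in the quoted sample, so drop empty entries after splitting.
    groups = [g for g in alert.get('classification', '').split(',') if g]
    return {
        'peer': m.group('peer'),
        'syslog_facility': facility,
        'syslog_severity': severity,
        'syslog_host': m.group('host'),
        'level': int(alert.get('crit', 0)),
        'rule_id': alert.get('id'),
        'location': alert.get('component'),
        'groups': groups,
        'description': alert.get('description'),
        'full_log': alert.get('message'),
    }


def select_alerts(lines, min_level=0, group=None):
    """Parse each line and keep alerts at or above min_level that (if given)
    carry the named rule group. Lines that are not JSON alerts are skipped."""
    out = []
    for line in lines:
        a = parse_ossec_syslog_alert(line)
        if a is None or a['level'] < min_level:
            continue
        if group is not None and group not in a['groups']:
            continue
        out.append(a)
    return out


if __name__ == '__main__':
    for a in select_alerts(SAMPLE_LINES, min_level=4):
        print(a['rule_id'], a['level'], a['description'], a['groups'])
```

The regex is deliberately loose about the timestamp and tag so that the same function handles lines with or without the capture tool's "IP:port - " prefix; on the quoted line it yields facility 16 (local0) and severity 4 from <132>, rule 5501 at level 3, and the groups pam, syslog and authentication_success.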