I don't believe that this simple decoder doesn't work for my custom log:
<decoder name="fakeinc_custom">
  <prematch>^Fakeinc: </prematch>
</decoder>
for this log:
Mar 26 10:56:36 small-VirtualBox small: Fakeinc: service for: [email protected] <[email protected]> Failed

After performing some tests, I have found that the program_name tag has to be
present in order to decode, so that's what worked for me:
<decoder name="fakeinc_custom">
  <program_name>small</program_name>
  <prematch>^Fakeinc: </prematch>
</decoder>
Or, even without the prematch tag, I can also do:
<decoder name="fakeinc_custom">
  <program_name>small</program_name>
</decoder>