do yourself a big favor and translate everything to UTF8, using anything else is
gong to cause you problems eventually.
David Lang
On Wed, 27 May 2015, T-SOC Operations wrote:
Thanks fort he suggestion, in my case i'd to use: ISO-8859-1
-----Ursprüngliche Nachricht-----
Von: [email protected] [mailto:[email protected]] Im
Auftrag von David Lang
Gesendet: Mittwoch, 27. Mai 2015 19:08
An: [email protected]
Betreff: Re: AW: AW: [ossec-list] OSSEC 2.8.1 JSON Format and Logstash
challenges
on the input, force everything to utf8
On Wed, 27 May 2015, T-SOC Operations wrote:
Date: Wed, 27 May 2015 19:02:33 +0200
From: T-SOC Operations <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: AW: AW: [ossec-list] OSSEC 2.8.1 JSON Format and Logstash
challenges
Hi david,
thanks for your time & patience!
If i just used those filters, i do get " _jsonparsefailure".
so i just created different grok filters to match the messy encoded
messages, but what I've seen as well, different encoding, depending on the
ossec agent soure (linux versus windows :-)...so I've to play around with
charsets as well.
Cheers,
gerald
