I created a custom decoder (in local_decoder.xml) to parse a log file from an application that is similar in format to syslog. I also created the corresponding custom rule (in local_rules.xml) to trigger on a particular event.
While testing all of this, when I run ossec-logtest, I get success. But now that I restart OSSEC, I never receive an alert. I look at the ossec.log file and it has analyzed the particular log file of interest. What am I missing?
