On Wed, Feb 15, 2017 at 1:03 PM, Ralph Durkee <[email protected]> wrote:

> I'm surprised I'm not finding a quick answer to this one in my searches, so
> hopefully this will be quick.
> OSSEC is not parsing log files with a priority prefix, in the rfc3164 / BSD
> format. The prematch fails. For example
>
> <13>Feb 15 12:59:01 hostname progname: message here
>
> ossec-logtest decode doesn't even find a host name or a program name. If
> the prefix is manually removed it's parsed just fine of course. Given the
> prefix is a standard format it would seem that there must be a simple means
> to get the prematch to work correctly.
>

Most syslogds seem to strip this off the logs they write to disk. Which daemon are you using?

> Thanks
> -- Ralph
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
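As an added illustration (not code from the thread or from OSSEC), a small Python parser for the BSD / RFC 3164 line quoted above: it decodes and strips the `<PRI>` prefix first and only then applies a timestamp-anchored header match, which is the step a prematch trips over when the prefix is still on the line. The sample lines are constructed and the regexes are my own, not OSSEC's decoder.

```python
import re
from typing import Optional

# Constructed sample lines: the one from the thread, with the RFC 3164
# <PRI> prefix, and the same line as most syslog daemons write it to disk.
SAMPLE_WITH_PRI = "<13>Feb 15 12:59:01 hostname progname: message here"
SAMPLE_STRIPPED = "Feb 15 12:59:01 hostname progname: message here"

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]

# RFC 3164 PRI: "<" + (facility * 8 + severity) + ">", at most 191.
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Classic BSD header, anchored at the timestamp the way a prematch would
# expect it: "Mmm dd hh:mm:ss host tag[pid]: message". Applied to a line
# that still carries <PRI> it does not match, which is the failure the
# thread describes.
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)


def parse_bsd_syslog(line: str) -> Optional[dict]:
    """Decode an optional <PRI>, then the BSD header; None if malformed."""
    facility = severity = None
    m = PRI_RE.match(line)
    if m:
        pri = int(m.group(1))
        if pri > 191:          # facility 0-23, severity 0-7
            return None
        facility = FACILITIES[pri // 8]
        severity = SEVERITIES[pri % 8]
        line = line[m.end():]  # what a syslogd would have written to disk
    h = HEADER_RE.match(line)
    if not h:
        return None
    return {"facility": facility, "severity": severity, **h.groupdict()}
```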
