It would be great to see the decoder entries that go with these rules ... I know this is an older post but maybe you are still around and can share the decoder and maybe the plugin as well?
On Monday, May 16, 2016 at 4:22:08 PM UTC-5, Brent Morris wrote:
>
> Rob - can you post your OSSEC version of the log? I can check my rules.
> These are a culmination of gleaned rules that I updated some time back
> with new event IDs. Yours is covered in there.... but I would like to
> test it against a valid OSSEC log. So if you can post it from the OSSEC
> logs, that'd be great.
>
> Here they are..