Hello,
I would like some help and pointers to create a decoder. I ran the line
from the access log (see below) through ossec-logtest. What I would like to
accomplish is to match: <match>python-requests/2.2.1</match>. However, as you
can see, at the moment the default decoder for rule 31101 only stores the
srcip, url and id fields. Some help to get me started would be much appreciated.
log-test: 'srcpip - admin [03/Aug/2017:21:30:44 +0200] "GET / HTTP/1.1" 404
169 "-" "python-requests/2.2.1 CPython/2.7.6 Linux/3.13.0-24-generic"'
**Phase 2: Completed decoding.
decoder: 'web-accesslog'
srcip: ''
url: '/'
id: '404'
**Phase 3: Completed filtering (rules).
Rule id: '31101'
Level: '5'
Description: 'Web server 400 error code.'
**Alert to be generated.
Kind regards,
Fredrik
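Added example (not part of the original post, and not OSSEC's stock decoder): a
child decoder of the stock web-accesslog decoder that captures the last quoted
field of the combined log format, the User-Agent, into extra_data, plus a local
rule that fires on the captured value. The decoder name, the rule id 100101 and
the level are assumptions. It relies on the OSSEC regex dialect, where \S is a
non-space run, \w alphanumerics, \d digits, \.+ any characters, and [ ] and "
are literal, and it assumes the parent decoder is still named web-accesslog on
your install.

```xml
<!-- /var/ossec/etc/local_decoder.xml (added example decoder) -->
<decoder name="web-accesslog-useragent">
  <!-- Child of the stock decoder: it only runs after web-accesslog matched,
       so srcip, url and id are still decoded by the parent. -->
  <parent>web-accesslog</parent>
  <!-- Full combined-format line; the last quoted field is the User-Agent.
       Groups: ip ident user [ts tz] "METHOD url HTTP/x" status bytes "referer" "(ua)" -->
  <regex>^\S+ \S+ \S+ [\S+ \S+] "\w+ \S+ HTTP\S+" \d+ \S+ "\S+" "(\.+)"$</regex>
  <!-- extra_data is one of the fixed field names OSSEC allows in <order> -->
  <order>extra_data</order>
</decoder>

<!-- /var/ossec/etc/rules/local_rules.xml (added example rule; id 100101 assumed) -->
<group name="local,web,">
  <rule id="100101" level="7">
    <!-- Only evaluated for events that already matched the stock 400-error rule -->
    <if_sid>31101</if_sid>
    <!-- extra_data is matched with os_regex; '.' and '/' are literal there,
         and ^ anchors on the start of the decoded User-Agent -->
    <extra_data>^python-requests/2.2.1</extra_data>
    <description>Web server 400 error from a python-requests/2.2.1 client.</description>
  </rule>
</group>
```

To check it, run /var/ossec/bin/ossec-logtest, paste the access log line, and
confirm Phase 2 now shows the web-accesslog-useragent decoder with an
extra_data field holding the User-Agent, and Phase 3 shows rule 100101 instead
of 31101; then restart OSSEC for the change to take effect. One caveat: a
rule's <match> is tested against the whole event, not only decoded fields, so
<match>python-requests/2.2.1</match> under <if_sid>31101</if_sid> would also
fire without any decoder change; the decoder is what you need if you want the
User-Agent stored as its own field (for <extra_data> matching, or to appear in
the alert output).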
--
You received this message because you are subscribed to the Google Groups
"ossec-list" group.