Hi every one, I'm tring to implement in wazuh a usb monitoring, based on list check in order to define if and USB storage devise is autorized or not. I found a guide on wazuh blog that I followed steb by step, when I run the configuration check all seems work fine, but when I log on the web interface I have the following error:
"Manager - Status: Wazuh API returned an error message. Error: Error reading decoder files: 0380-windows_decoders.xml. Error: not well-formed (invalid token): line 680, column 26" Follow the related parser code taken from the blog: <decoder name="windows_fields"> <type>windows</type> <parent>windows</parent> <regex>USBSTOR#Disk&Ven_(\S*)&Prod_(\S*)&Rev_(\.*)#(\S*)&0#\S*\s</regex> <order>usb.vendor, usb.product, usb.rev, usb.serial_number</order> </decoder> I can not understand wher is the problem, someone cam help me? Thanks Marco -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
