Hello Marco,

This question has been solved in the Wazuh mailing list in topic https://groups.google.com/forum/#!topic/wazuh/sFlNML0civk

Best regards,
Marta

On Friday, December 22, 2017 at 12:20:56 PM UTC+1, Marco wrote:
> Hi everyone,
>
> I'm trying to implement USB monitoring in Wazuh, based on a list check, in
> order to define whether a USB storage device is authorized or not.
> I found a guide on the Wazuh blog that I followed step by step. When I run the
> configuration check, all seems to work fine, but when I log on to the web
> interface I get the following error:
>
> "Manager - Status: Wazuh API returned an error message. Error: Error
> reading decoder files: 0380-windows_decoders.xml. Error: not well-formed
> (invalid token): line 680, column 26"
>
> The related parser code, taken from the blog, follows:
>
> <decoder name="windows_fields">
>   <type>windows</type>
>   <parent>windows</parent>
>   <regex>USBSTOR#Disk&Ven_(\S*)&Prod_(\S*)&Rev_(\.*)#(\S*)&0#\S*\s</regex>
>   <order>usb.vendor, usb.product, usb.rev, usb.serial_number</order>
> </decoder>
>
> I cannot understand where the problem is. Can someone help me?
> Thanks
> Marco
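The error text quoted in the question has the form produced by the expat XML parser, so running the posted decoder through a strict parse shows where such a parser stops. This is an added example, not part of the thread or of Wazuh's code; it assumes the API reads decoder files with a strict XML parser, the sample holds only the posted decoder with an assumed two-space indent, and the function names are hypothetical.

```python
import re
import xml.parsers.expat

# Constructed sample: only the decoder posted in the question, with an assumed
# two-space indent (the real 0380-windows_decoders.xml is not on this page).
DECODER = r'''<decoder name="windows_fields">
  <type>windows</type>
  <parent>windows</parent>
  <regex>USBSTOR#Disk&Ven_(\S*)&Prod_(\S*)&Rev_(\.*)#(\S*)&0#\S*\s</regex>
  <order>usb.vendor, usb.product, usb.rev, usb.serial_number</order>
</decoder>
'''

# An '&' that does not start an entity or character reference (&amp;, &#38;).
BARE_AMP = re.compile(r'&(?!(?:[A-Za-z_:][\w.:-]*|#[0-9]+|#x[0-9A-Fa-f]+);)')


def strict_parse_error(text):
    """Return None if text is well-formed XML, else (message, line, column)."""
    # Decoder files hold many top-level elements; wrap them in a dummy root on
    # its own line and subtract that line again when reporting.
    parser = xml.parsers.expat.ParserCreate()
    try:
        parser.Parse("<root>\n" + text + "\n</root>", True)
    except xml.parsers.expat.ExpatError as err:
        message = xml.parsers.expat.ErrorString(err.code)
        return message, err.lineno - 1, err.offset  # offset is a 0-based column
    return None


def bare_ampersands(text):
    """List (line, column) of every bare '&'; the parser stops at the first."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits.extend((lineno, m.start()) for m in BARE_AMP.finditer(line))
    return hits


if __name__ == "__main__":
    print("strict parser:", strict_parse_error(DECODER))
    for lineno, col in bare_ampersands(DECODER):
        print(f"bare '&' at line {lineno}, column {col}")
```

With the assumed indent the parser stops at column 26 of the regex line, the character after `&Ven_`, which is the column named in the quoted error.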
