This is the log sent to ossec:
Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc READ 50030496 1
If I run threw logtest i get iptables as the final decoder:
**Phase 1: Completed pre-decoding.
full event: 'Apr 24 03:21:41 TS5400R33A kernelmon: cmd=ioerr sdc
READ 50030496 1'
hostname: 'TS5400R33A'
program_name: 'kernelmon'
log: 'cmd=ioerr sdc READ 50030496 1'
**Phase 2: Completed decoding.
decoder: 'iptables'
I tried to make other custom decoders using iptables as the parent and or
totally new decoders for this log but it always decodes the same.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
