Thank you for time Dan,without you explorin ossec would be so difficult The problem was https was not installed on the system i installed and everything work fine .Now i wanna create some custom decoder to match it with rule "unkown problem found in the system" and when i type error to get an alert, and log file format: 2018-09-03 WARN test 2018-09-03 ERROR test text to be alerted to, something like this. send email for warn only if the text contains error: 2018-09-03 WARN test error text . Is this possible od to it with ossec decoder ??
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
