Oh Hi Dan! Thanks for your helps so much! In the logs there is a field "username" as "ngapt" and "trunghq", can we extract this 2 fields in decoders Dan!
Vào 18:43:51 UTC+7 Thứ Năm, ngày 20 tháng 9 năm 2018, Khoa Phạm Anh đã viết: > > Hi Everybody, after I use log-test with these log but no result, please > anyone help me decode this!!! > > POP3: > 2018-08-26T00:00:03.269Z,00000000000EE085,2,xxx.xxx.xxx.4:995,xxx.xxx.xxx.234:50956,ngapt,2,10,56,pass,*****,"R=""-ERR > > Logon failure: unknown user name or bad > password."";Msg=LogonFailed:LogonDenied;ErrMsg=LogonFailed:LogonDenied" > > Imap4: > 2018-08-25T00:01:41.052Z,00000000000187EB,2,xxx.xxx.xxx.4:993,xxx.xxx.xxx.5:52332,trunghq,706,26,26,login,trunghq > > *****,"R=ok;Msg=""Proxy:DOMAIN.NAME:9933:SSL;ProxySuccess"";ActivityContextData=acf5cf60-96e0-4d4e-a6b6-1ff897e8148a" > > > Thanks, > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
