Hello. I have been tuning a recent install of OSSEC. I know the rule ID and description of the rule I want to suppress for a particular parameter. However, I do not know if the parameter from the log message has been decoded. For that I would need to know which decoder file to look for under /var/ossec/etc/decoders/ so I can identify what name the parameter has been decoded as. How would I achieve this?
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
