Thnaks you very much for your response. Let me know if am i wrong. The decoder will be like this:
<decoder name="Brocade-format"> <prematch>^\d+\s\w\w\w\w\w, </prematch> </decoder> <decoder name="Brocade-login"> <parent>Brocade-format</parent> <regex offset="after_parent">^\d\d\d\d/\d\d/\d\d-\d\d:\d\d:\d\d \(\S+\), \[\S+\], \S+, \S+, /S+)/\S+(/\w+/\S+),</regex> <order>user,second</order> </decoder> <decoder name="squid-accesslog"> <type>squid</type> <prematch>^\d+ \S+ </prematch> <regex>^\d+ (\S+) (\w+)/(\d+) \d+ \w+ (\S+) </regex> <order>srcip,action,id,url</order> </decoder> But im getting a syntax error and i dont know why or where. 2019/10/11 12:05:07 ossec-analysisd(1450): ERROR: Syntax error on regex: '^\d\d\d\d/\d\d/\d\d-\d\d:\d\d:\d\d\(\S+\), \[\S+\], \S+, \S+, (\S+)/\S+(/\w+/\S+)': 6. Thanks and regards! -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAGQH4FLk08YBG4NhaVQ9vG-nB-zF2%2Bo1GwnxSSvRbE62MGH2qA%40mail.gmail.com.
