On Mon, Oct 14, 2019 at 9:54 AM Diego S <[email protected]> wrote: > > Hi! > > i tried with a updated version and im still getting the same error :S >
That's Wazuh. I don't know enough about their project to help. > > > El sáb., 12 oct. 2019 a las 9:12, dan (ddp) (<[email protected]>) escribió: >> >> >> >> On Fri, Oct 11, 2019 at 2:03 PM Diego S <[email protected]> wrote: >>> >>> Im using 2.0 version. >> >> >> 2.0 is ancient. Not much I can do to help with that. >> >>> >>> Im not able to find the syntax error. >>> >>> Thanks! >>> >>> El vie., 11 oct. 2019 a las 14:51, dan (ddp) (<[email protected]>) escribió: >>>> >>>> On Fri, Oct 11, 2019 at 1:41 PM Diego S <[email protected]> wrote: >>>> > >>>> > Thnaks you very much for your response. >>>> > Let me know if am i wrong. The decoder will be like this: >>>> > >>>> > <decoder name="Brocade-format"> >>>> > <prematch>^\d+\s\w\w\w\w\w, </prematch> >>>> > </decoder> >>>> > >>>> > <decoder name="Brocade-login"> >>>> > <parent>Brocade-format</parent> >>>> > <regex offset="after_parent">^\d\d\d\d/\d\d/\d\d-\d\d:\d\d:\d\d >>>> > \(\S+\), \[\S+\], \S+, \S+, /S+)/\S+(/\w+/\S+),</regex> >>>> > <order>user,second</order> >>>> > </decoder> >>>> > >>>> > <decoder name="squid-accesslog"> >>>> > <type>squid</type> >>>> > <prematch>^\d+ \S+ </prematch> >>>> > <regex>^\d+ (\S+) (\w+)/(\d+) \d+ \w+ (\S+) </regex> >>>> > <order>srcip,action,id,url</order> >>>> > </decoder> >>>> > >>>> > But im getting a syntax error and i dont know why or where. >>>> > >>>> > 2019/10/11 12:05:07 ossec-analysisd(1450): ERROR: Syntax error on regex: >>>> > '^\d\d\d\d/\d\d/\d\d-\d\d:\d\d:\d\d\(\S+\), \[\S+\], \S+, \S+, >>>> > (\S+)/\S+(/\w+/\S+)': 6. >>>> > >>>> >>>> I'm not sure what's wrong there. Which version of OSSEC are you using? >>>> >>>> > Thanks and regards! >>>> > >>>> > -- >>>> > >>>> > --- >>>> > You received this message because you are subscribed to the Google >>>> > Groups "ossec-list" group. >>>> > To unsubscribe from this group and stop receiving emails from it, send >>>> > an email to [email protected]. >>>> > To view this discussion on the web visit >>>> > https://groups.google.com/d/msgid/ossec-list/CAGQH4FLk08YBG4NhaVQ9vG-nB-zF2%2Bo1GwnxSSvRbE62MGH2qA%40mail.gmail.com. >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google Groups >>>> "ossec-list" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected]. >>>> >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/ossec-list/CAMyQvMpCiBxvjLv5_memm7H%2BFPO4JTeiKGDLqpw72f8RA6dvMw%40mail.gmail.com. >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ossec-list/CAGQH4F%2BqTDKSiMJXBtCWmewR2SR1oDRiTpTwQBB%3Dm21mQrs-Ag%40mail.gmail.com. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ossec-list/CAMyQvMrEQhqC%3D5_ggxQkf8hLExg3iJVG77b9xxp4_YmTB-jt8A%40mail.gmail.com. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAGQH4FLLsptFocLfeLdZ0vLnCKVN_RkWVA5EbJPs_X2SVQytwQ%40mail.gmail.com. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMpafeA_0FcmJ5jc%2BtfpiE79FjdbGgApzTVVANCCQpCAYQ%40mail.gmail.com.
