Sorry, my bad Dan, thanks anyways, i have a start point now. Regards!
El lun., 14 oct. 2019 a las 10:56, dan (ddp) (<ddp...@gmail.com>) escribió: > On Mon, Oct 14, 2019 at 9:54 AM Diego S <rabits...@gmail.com> wrote: > > > > Hi! > > > > i tried with a updated version and im still getting the same error :S > > > > That's Wazuh. I don't know enough about their project to help. > > > > > > > El sáb., 12 oct. 2019 a las 9:12, dan (ddp) (<ddp...@gmail.com>) > escribió: > >> > >> > >> > >> On Fri, Oct 11, 2019 at 2:03 PM Diego S <rabits...@gmail.com> wrote: > >>> > >>> Im using 2.0 version. > >> > >> > >> 2.0 is ancient. Not much I can do to help with that. > >> > >>> > >>> Im not able to find the syntax error. > >>> > >>> Thanks! > >>> > >>> El vie., 11 oct. 2019 a las 14:51, dan (ddp) (<ddp...@gmail.com>) > escribió: > >>>> > >>>> On Fri, Oct 11, 2019 at 1:41 PM Diego S <rabits...@gmail.com> wrote: > >>>> > > >>>> > Thnaks you very much for your response. > >>>> > Let me know if am i wrong. The decoder will be like this: > >>>> > > >>>> > <decoder name="Brocade-format"> > >>>> > <prematch>^\d+\s\w\w\w\w\w, </prematch> > >>>> > </decoder> > >>>> > > >>>> > <decoder name="Brocade-login"> > >>>> > <parent>Brocade-format</parent> > >>>> > <regex offset="after_parent">^\d\d\d\d/\d\d/\d\d-\d\d:\d\d:\d\d > \(\S+\), \[\S+\], \S+, \S+, /S+)/\S+(/\w+/\S+),</regex> > >>>> > <order>user,second</order> > >>>> > </decoder> > >>>> > > >>>> > <decoder name="squid-accesslog"> > >>>> > <type>squid</type> > >>>> > <prematch>^\d+ \S+ </prematch> > >>>> > <regex>^\d+ (\S+) (\w+)/(\d+) \d+ \w+ (\S+) </regex> > >>>> > <order>srcip,action,id,url</order> > >>>> > </decoder> > >>>> > > >>>> > But im getting a syntax error and i dont know why or where. > >>>> > > >>>> > 2019/10/11 12:05:07 ossec-analysisd(1450): ERROR: Syntax error on > regex: '^\d\d\d\d/\d\d/\d\d-\d\d:\d\d:\d\d\(\S+\), \[\S+\], \S+, \S+, > (\S+)/\S+(/\w+/\S+)': 6. > >>>> > > >>>> > >>>> I'm not sure what's wrong there. Which version of OSSEC are you using? > >>>> > >>>> > Thanks and regards! > >>>> > > >>>> > -- > >>>> > > >>>> > --- > >>>> > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >>>> > To unsubscribe from this group and stop receiving emails from it, > send an email to ossec-list+unsubscr...@googlegroups.com. > >>>> > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAGQH4FLk08YBG4NhaVQ9vG-nB-zF2%2Bo1GwnxSSvRbE62MGH2qA%40mail.gmail.com > . > >>>> > >>>> -- > >>>> > >>>> --- > >>>> You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >>>> To unsubscribe from this group and stop receiving emails from it, > send an email to ossec-list+unsubscr...@googlegroups.com. > >>>> > >>>> To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAMyQvMpCiBxvjLv5_memm7H%2BFPO4JTeiKGDLqpw72f8RA6dvMw%40mail.gmail.com > . > >>> > >>> -- > >>> > >>> --- > >>> You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >>> To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+unsubscr...@googlegroups.com. > >>> To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAGQH4F%2BqTDKSiMJXBtCWmewR2SR1oDRiTpTwQBB%3Dm21mQrs-Ag%40mail.gmail.com > . > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+unsubscr...@googlegroups.com. > >> To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAMyQvMrEQhqC%3D5_ggxQkf8hLExg3iJVG77b9xxp4_YmTB-jt8A%40mail.gmail.com > . > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+unsubscr...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAGQH4FLLsptFocLfeLdZ0vLnCKVN_RkWVA5EbJPs_X2SVQytwQ%40mail.gmail.com > . > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAMyQvMpafeA_0FcmJ5jc%2BtfpiE79FjdbGgApzTVVANCCQpCAYQ%40mail.gmail.com > . > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAGQH4F%2BLxTF__RnxqNU9H35nw%3Dy_%3DhDpq86E_3H_qF%2BQGjysBA%40mail.gmail.com.
