Hi,
I've created a custom decoder:
<decoder name="sshd-custom">
<program_name>^sshd</program_name>
</decoder>
<decoder name="sshd-bad-protocol-version">
<parent>sshd-custom</parent>
<prematch>^Bad protocol version</prematch>
<regex offset="after_prematch">^\S+ from (\S+) port (\S+)$</regex>
<order>srcip,srcport</order>
</decoder>
When I restart the engine to load it, I end up with the following error:
2020/03/13 18:21:54 ossec-testrule: INFO: Reading decoder file decoders/
ssh_decoder.xml.
2020/03/13 18:21:54 ossec-analysisd(2106): ERROR: Error adding decoder
plugin.
2020/03/13 18:21:54 ossec-testrule: INFO: Reading the lists file:
'lists/approved_scanners_list'
2020/03/13 18:21:54 ossec-analysisd: Invalid decoder name: 'pam'.
2020/03/13 18:21:54 ossec-testrule(1220): ERROR: Error loading the rules:
'pam_rules.xml'.
Where is the error in my decoder?
Thanks
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/9e0d792c-1b50-43fb-86e9-71d229dd17bd%40googlegroups.com.
