On Mon, Mar 16, 2020 at 8:43 AM dan (ddp) <[email protected]> wrote:
>
> On Mon, Mar 16, 2020 at 8:16 AM Olivier Ragain
> <[email protected]> wrote:
> >
> > Hi,
> > So now the question is, why does it not work when i use:
> > <decoder_dir>decoders</decoder_dir> configuration in the ossec.conf file ?
> > I see that it is loading the file from the logs, but it fails to log the
> > decoder information itself and then ossec wont start.
> > Can anyone explain how to use the decoder_dir configuration element ?
> > I want to put all custom rules / decoders / lists in their own folder so
> > that when updates happen, I dont get wiped or impacted for some update
> > reasons.
> > Thanks
> >
>
> Can you provide the configuration you tried?
> I haven't used decoder_dir in a while, but it always worked in the past for
> me.
>
Using this allowed `ossec-logtest -t` to work for me:
<rules>
<decoder>etc/decoder.xml</decoder>
<decoder>etc/local_decoder.xml</decoder>
<decoder_dir>etc/decoders.d</decoder_dir>
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/ossec-list/f0d7b226-0fbe-4df8-9a23-c7759f18d347%40googlegroups.com.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/CAMyQvMrApEXMjXh6Fr%3DXgxWsQUg4zwTPFniyUWa%2Bd4wBhw1Xjg%40mail.gmail.com.
