On Fri, Mar 13, 2020 at 2:28 PM Olivier Ragain
wrote:
>
> Hi,
> I've created a custom decoder:
>
> ^sshd
>
>
>
> sshd-custom
> ^Bad protocol version
> ^\S+ from (\S+) port (\S+)$
> srcip,srcport
>
>
> When I restart the engine to load it, I end up with the following error:
> 2020/03/13 18:21:54 ossec-testrule: INFO: Reading decoder file
> decoders/ssh_decoder.xml.
> 2020/03/13 18:21:54 ossec-analysisd(2106): ERROR: Error adding decoder plugin.
> 2020/03/13 18:21:54 ossec-testrule: INFO: Reading the lists file:
> 'lists/approved_scanners_list'
> 2020/03/13 18:21:54 ossec-analysisd: Invalid decoder name: 'pam'.
> 2020/03/13 18:21:54 ossec-testrule(1220): ERROR: Error loading the rules:
> 'pam_rules.xml'.
>
> Where is the error in my decoder?
>
I don't receive an error when I add the decoders to local_decoders.xml.
Which version of OSSEC are you using?
> Thanks
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ossec-list/9e0d792c-1b50-43fb-86e9-71d229dd17bd%40googlegroups.com.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/CAMyQvMo1_tMuHUB-1WGRuV6zw0SdGpVS%3D4BFdXxQaPJm6zHwVw%40mail.gmail.com.