simple-evcorr-users  

Messages by Date

• 2014/02/05 Re: [Simple-evcorr-users] new log files in a directory (ex. log rotate) John P. Rouillard
• 2014/02/05 [Simple-evcorr-users] new log files in a directory (ex. log rotate) Edward Gleeck
• 2014/02/05 Re: [Simple-evcorr-users] event mail Risto Vaarandi
• 2014/02/05 [Simple-evcorr-users] event mail andrewarnier
• 2014/01/31 Re: [Simple-evcorr-users] RANCID SEC Cisco intergration Risto Vaarandi
• 2014/01/31 Re: [Simple-evcorr-users] RANCID SEC Cisco intergration George Lakovski
• 2014/01/30 Re: [Simple-evcorr-users] RANCID SEC Cisco intergration Risto Vaarandi
• 2014/01/29 Re: [Simple-evcorr-users] RANCID SEC Cisco intergration George Lakovski
• 2014/01/29 Re: [Simple-evcorr-users] RANCID SEC Cisco intergration David Lang
• 2014/01/29 Re: [Simple-evcorr-users] RANCID SEC Cisco intergration Risto Vaarandi
• 2014/01/29 [Simple-evcorr-users] RANCID SEC Cisco intergration George Lakovski
• 2014/01/28 Re: [Simple-evcorr-users] PairWithWindow rule John P. Rouillard
• 2014/01/28 Re: [Simple-evcorr-users] PairWithWindow rule andrewarnier
• 2014/01/28 Re: [Simple-evcorr-users] PairWithWindow rule David Lang
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem James Lertora
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem Risto Vaarandi
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem James Lertora
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem Risto Vaarandi
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem Risto Vaarandi
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem James Lertora
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem John P. Rouillard
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem James Lertora
• 2014/01/28 [Simple-evcorr-users] Can you please unsubsribe my email from this list? Fahad Iqbal
• 2014/01/28 Re: [Simple-evcorr-users] rsyslog to sec problem Risto Vaarandi
• 2014/01/28 [Simple-evcorr-users] rsyslog to sec problem James Lertora
• 2014/01/28 Re: [Simple-evcorr-users] PairWithWindow rule Risto Vaarandi
• 2014/01/28 Re: [Simple-evcorr-users] PairWithWindow rule andrewarnier
• 2014/01/27 Re: [Simple-evcorr-users] PairWithWindow rule Risto Vaarandi
• 2014/01/27 Re: [Simple-evcorr-users] PairWithWindow rule Risto Vaarandi
• 2014/01/27 [Simple-evcorr-users] PairWithWindow rule andrewarnier
• 2014/01/27 [Simple-evcorr-users] PairWithWindow rule andrewarnier
• 2014/01/21 Re: [Simple-evcorr-users] Line not in keyword=value format or non-alphanumeric keyword Risto Vaarandi
• 2014/01/21 [Simple-evcorr-users] Line not in keyword=value format or non-alphanumeric keyword andrewarnier
• 2014/01/21 Re: [Simple-evcorr-users] Line not in keyword=value format or non-alphanumeric keyword David Lang
• 2014/01/21 [Simple-evcorr-users] Line not in keyword=value format or non-alphanumeric keyword andrewarnier
• 2014/01/15 Re: [Simple-evcorr-users] Is there a get number of events in a window action? John P. Rouillard
• 2014/01/15 Re: [Simple-evcorr-users] Is there a get number of events in a window action? Risto Vaarandi
• 2014/01/15 Re: [Simple-evcorr-users] Which is faster checking a context alias or a context for existence? Risto Vaarandi
• 2014/01/15 [Simple-evcorr-users] Is there a get number of events in a window action? John P. Rouillard
• 2014/01/15 [Simple-evcorr-users] Which is faster checking a context alias or a context for existence? John P. Rouillard
• 2014/01/15 [Simple-evcorr-users] sec-2.7.5 released Risto Vaarandi
• 2014/01/11 [Simple-evcorr-users] documentation updates for sec-2.7.5 Risto Vaarandi
• 2014/01/06 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. Risto Vaarandi
• 2014/01/06 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. termvrl term
• 2013/12/27 Re: [Simple-evcorr-users] Rsyslog send message bypass SEC. Risto Vaarandi
• 2013/12/27 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. Risto Vaarandi
• 2013/12/26 [Simple-evcorr-users] Rsyslog send message bypass SEC. termvrl term
• 2013/12/26 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. termvrl term
• 2013/12/19 [Simple-evcorr-users] Correlate multiple modsecurity alert. Risto Vaarandi
• 2013/12/17 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. David Lang
• 2013/12/17 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. termvrl term
• 2013/12/11 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. Risto Vaarandi
• 2013/12/03 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. Risto Vaarandi
• 2013/12/02 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. termvrl term
• 2013/12/01 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. Risto Vaarandi
• 2013/12/01 Re: [Simple-evcorr-users] Correlate multiple modsecurity alert. Tim Peiffer
• 2013/12/01 [Simple-evcorr-users] Correlate multiple modsecurity alert. termvrl term
• 2013/11/25 Re: [Simple-evcorr-users] Regex Pattern Matching in SEC David Lang
• 2013/11/25 [Simple-evcorr-users] Regex Pattern Matching in SEC termvrl term
• 2013/11/22 [Simple-evcorr-users] sans paper about rsyslog+sec for windows workstation logs Risto Vaarandi
• 2013/11/11 Re: [Simple-evcorr-users] Monitoring a log for a string and executing a command Risto Vaarandi
• 2013/11/09 Re: [Simple-evcorr-users] Using SEC Pair event to add additional information to a log Risto Vaarandi
• 2013/11/08 [Simple-evcorr-users] Using SEC Pair event to add additional information to a log Orangepeel Beef
• 2013/11/08 Re: [Simple-evcorr-users] Monitoring a log for a string and executing a command Risto Vaarandi
• 2013/11/08 Re: [Simple-evcorr-users] Monitoring a log for a string and executing a command Risto Vaarandi
• 2013/11/07 Re: [Simple-evcorr-users] Monitoring a log for a string and executing a command Risto Vaarandi
• 2013/11/07 Re: [Simple-evcorr-users] Monitoring a log for a string and executing a command Risto Vaarandi
• 2013/11/06 [Simple-evcorr-users] Monitoring a log for a string and executing a command GrillMaster
• 2013/11/02 Re: [Simple-evcorr-users] dbinsert.pl Risto Vaarandi
• 2013/11/02 [Simple-evcorr-users] dbinsert.pl Rolf Nufable
• 2013/11/02 [Simple-evcorr-users] DB instert .pl Rolf Nufable
• 2013/11/01 [Simple-evcorr-users] SEC key Rolf Nufable
• 2013/11/01 Re: [Simple-evcorr-users] SEC key Risto Vaarandi
• 2013/11/01 [Simple-evcorr-users] SEC key Rolf Nufable
• 2013/11/01 [Simple-evcorr-users] SEC key Rolf Nufable
• 2013/10/31 Re: [Simple-evcorr-users] SEC key for correlation Risto Vaarandi
• 2013/10/31 [Simple-evcorr-users] SEC key for correlation Rolf Nufable
• 2013/10/26 Re: [Simple-evcorr-users] SEC-2.7.4 released Risto Vaarandi
• 2013/10/26 Re: [Simple-evcorr-users] Reset SingleWithThreshold rule Rolf Nufable
• 2013/10/25 Re: [Simple-evcorr-users] SEC-2.7.4 released Risto Vaarandi
• 2013/10/25 Re: [Simple-evcorr-users] SEC-2.7.4 released David Lang
• 2013/10/25 Re: [Simple-evcorr-users] SEC-2.7.4 released Rolf Nufable
• 2013/10/18 Re: [Simple-evcorr-users] SEC in offline mode David Lang
• 2013/10/18 Re: [Simple-evcorr-users] SEC in offline mode Risto Vaarandi
• 2013/10/18 Re: [Simple-evcorr-users] SEC in offline mode John P. Rouillard
• 2013/10/18 [Simple-evcorr-users] SEC in offline mode saeed salah
• 2013/10/18 [Simple-evcorr-users] FW: Welcome to the "Simple-evcorr-users" mailing list (Digest mode) saeed salah
• 2013/10/09 Re: [Simple-evcorr-users] Mixing SEC command line args and SECRC Risto Vaarandi
• 2013/10/08 [Simple-evcorr-users] Mixing SEC command line args and SECRC John P. Rouillard
• 2013/10/08 Re: [Simple-evcorr-users] Realy Realy newbie question Risto Vaarandi
• 2013/10/08 Re: [Simple-evcorr-users] Realy Realy newbie question Risto Vaarandi
• 2013/10/08 Re: [Simple-evcorr-users] Realy Realy newbie question Pedro Serotto
• 2013/10/08 Re: [Simple-evcorr-users] Realy Realy newbie question Risto Vaarandi
• 2013/10/08 Re: [Simple-evcorr-users] Realy Realy newbie question Pedro Serotto
• 2013/10/08 Re: [Simple-evcorr-users] Realy Realy newbie question Pedro Serotto
• 2013/10/07 Re: [Simple-evcorr-users] Realy Realy newbie question Risto Vaarandi
• 2013/10/07 [Simple-evcorr-users] Realy Realy newbie question Pedro Serotto
• 2013/10/03 Re: [Simple-evcorr-users] Using Calendar to define an interval Risto Vaarandi
• 2013/10/03 Re: [Simple-evcorr-users] swatch2sec Risto Vaarandi
• 2013/10/03 Re: [Simple-evcorr-users] swatch2sec Ganji, Shashirekha Yadav
• 2013/10/02 Re: [Simple-evcorr-users] swatch2sec Risto Vaarandi
• 2013/10/01 [Simple-evcorr-users] swatch2sec Ganji, Shashirekha Yadav
• 2013/10/01 [Simple-evcorr-users] Fwd: Using Calendar to define an interval Risto Vaarandi
• 2013/09/30 Re: [Simple-evcorr-users] Using Calendar to define an interval John P. Rouillard
• 2013/09/30 Re: [Simple-evcorr-users] Ordering of event generation/correlation completion John P. Rouillard
• 2013/09/30 Re: [Simple-evcorr-users] Using Calendar to define an interval Risto Vaarandi
• 2013/09/30 Re: [Simple-evcorr-users] Ordering of event generation/correlation completion Risto Vaarandi
• 2013/09/29 [Simple-evcorr-users] Ordering of event generation/correlation completion John P. Rouillard
• 2013/09/29 [Simple-evcorr-users] Using Calendar to define an interval John P. Rouillard
• 2013/09/28 Re: [Simple-evcorr-users] string quoting and perl integration actions Risto Vaarandi
• 2013/09/28 Re: [Simple-evcorr-users] string quoting and perl integration actions Mark D. Nagel
• 2013/09/27 Re: [Simple-evcorr-users] string quoting and perl integration actions David Lang
• 2013/09/27 Re: [Simple-evcorr-users] string quoting and perl integration actions Mark D. Nagel
• 2013/09/27 Re: [Simple-evcorr-users] string quoting and perl integration actions David Lang
• 2013/09/27 Re: [Simple-evcorr-users] string quoting and perl integration actions Mark D. Nagel
• 2013/09/27 Re: [Simple-evcorr-users] string quoting and perl integration actions Risto Vaarandi
• 2013/09/27 Re: [Simple-evcorr-users] string quoting and perl integration actions Mark D. Nagel
• 2013/09/26 Re: [Simple-evcorr-users] Multiple Actions Max Clark
• 2013/09/26 Re: [Simple-evcorr-users] Multiple Actions David Lang
• 2013/09/26 [Simple-evcorr-users] Multiple Actions Max Clark
• 2013/09/25 Re: [Simple-evcorr-users] string quoting and perl integration actions Risto Vaarandi
• 2013/09/25 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog Risto Vaarandi
• 2013/09/24 Re: [Simple-evcorr-users] string quoting and perl integration actions Mark D. Nagel
• 2013/09/24 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog David Lang
• 2013/09/24 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog Risto Vaarandi
• 2013/09/24 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog Risto Vaarandi
• 2013/09/24 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog Risto Vaarandi
• 2013/09/23 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog Thomas Wollner
• 2013/09/23 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog Alberto Cortón
• 2013/09/23 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog David Lang
• 2013/09/23 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog John P. Rouillard
• 2013/09/23 Re: [Simple-evcorr-users] [rsyslog] no dump files from SEC when run from rsyslog David Lang
• 2013/09/23 Re: [Simple-evcorr-users] Reset SingleWithThreshold rule Damir Markovic
• 2013/09/23 Re: [Simple-evcorr-users] string quoting and perl integration actions Risto Vaarandi
• 2013/09/23 Re: [Simple-evcorr-users] string quoting and perl integration actions Mark D. Nagel
• 2013/09/23 Re: [Simple-evcorr-users] Reset SingleWithThreshold rule Risto Vaarandi
• 2013/09/23 Re: [Simple-evcorr-users] Reset SingleWithThreshold rule Risto Vaarandi
• 2013/09/23 Re: [Simple-evcorr-users] string quoting and perl integration actions Risto Vaarandi
• 2013/09/23 Re: [Simple-evcorr-users] Reset SingleWithThreshold rule Damir Markovic
• 2013/09/23 Re: [Simple-evcorr-users] Reset SingleWithThreshold rule Mark D. Nagel
• 2013/09/23 [Simple-evcorr-users] Reset SingleWithThreshold rule Damir Markovic
• 2013/09/22 [Simple-evcorr-users] string quoting and perl integration actions Mark D. Nagel
• 2013/09/19 Re: [Simple-evcorr-users] no dump files from SEC when run from rsyslog David Lang
• 2013/09/19 Re: [Simple-evcorr-users] no dump files from SEC when run from rsyslog Risto Vaarandi
• 2013/09/18 Re: [Simple-evcorr-users] no dump files from SEC when run from rsyslog John P. Rouillard
• 2013/09/18 [Simple-evcorr-users] no dump files from SEC when run from rsyslog David Lang
• 2013/09/18 Re: [Simple-evcorr-users] Problem with supressed events Risto Vaarandi
• 2013/09/18 Re: [Simple-evcorr-users] Problem with supressed events Robert Horvath
• 2013/09/17 [Simple-evcorr-users] Problem with supressed events Robert Horvath
• 2013/09/16 Re: [Simple-evcorr-users] what's the difference between Pair and PairWithWindow? Risto Vaarandi
• 2013/09/15 [Simple-evcorr-users] what's the difference between Pair and PairWithWindow? David Lang
• 2013/09/12 Re: [Simple-evcorr-users] Suppress after X number of occurrences within Y minutes Risto Vaarandi
• 2013/09/11 [Simple-evcorr-users] Suppress after X number of occurrences within Y minutes Steve Amren
• 2013/09/11 Re: [Simple-evcorr-users] Suppress after X number of occurrences within Y minutes Steve Amren
• 2013/09/11 Re: [Simple-evcorr-users] Suppress after X number of occurrences within Y minutes Risto Vaarandi
• 2013/09/09 Re: [Simple-evcorr-users] Eventgroup question David Lang
• 2013/09/09 Re: [Simple-evcorr-users] Eventgroup question Risto Vaarandi
• 2013/09/09 [Simple-evcorr-users] Eventgroup question David Lang
• 2013/09/06 Re: [Simple-evcorr-users] Using the rewrite action Risto Vaarandi
• 2013/09/05 [Simple-evcorr-users] Using the rewrite action John P. Rouillard
• 2013/09/03 Re: [Simple-evcorr-users] global variables Risto Vaarandi
• 2013/08/30 Re: [Simple-evcorr-users] global variables John P. Rouillard
• 2013/08/30 [Simple-evcorr-users] global variables Mark Keisler
• 2013/08/23 Re: [Simple-evcorr-users] (no subject) Risto Vaarandi
• 2013/08/22 Re: [Simple-evcorr-users] (no subject) David Lang
• 2013/08/22 Re: [Simple-evcorr-users] (no subject) John P. Rouillard
• 2013/08/22 Re: [Simple-evcorr-users] (no subject) David Lang
• 2013/08/22 [Simple-evcorr-users] (no subject) John P. Rouillard
• 2013/08/01 Re: [Simple-evcorr-users] assignment of variables from contexts? Tim Peiffer
• 2013/07/31 [Simple-evcorr-users] assignment of variables from contexts? Tim Peiffer
• 2013/07/29 Re: [Simple-evcorr-users] Global context ? Emile RE
• 2013/07/27 Re: [Simple-evcorr-users] Global context ? Risto Vaarandi
• 2013/07/26 Re: [Simple-evcorr-users] Global context ? John P. Rouillard
• 2013/07/26 Re: [Simple-evcorr-users] Global context ? David Lang
• 2013/07/26 [Simple-evcorr-users] Global context ? nemile . re
• 2013/07/09 Re: [Simple-evcorr-users] retain internal contexts & restart SEC? Risto Vaarandi
• 2013/07/09 Re: [Simple-evcorr-users] retain internal contexts & restart SEC? Risto Vaarandi
• 2013/07/09 Re: [Simple-evcorr-users] retain internal contexts & restart SEC? Risto Vaarandi
• 2013/07/09 Re: [Simple-evcorr-users] retain internal contexts & restart SEC? Risto Vaarandi
• 2013/07/08 [Simple-evcorr-users] retain internal contexts & restart SEC? Orangepeel Beef
• 2013/07/05 Re: [Simple-evcorr-users] singlewiththreshold collect events Risto Vaarandi
• 2013/07/05 Re: [Simple-evcorr-users] singlewiththreshold collect events Orangepeel Beef
• 2013/07/05 Re: [Simple-evcorr-users] singlewiththreshold collect events Orangepeel Beef
• 2013/07/01 Re: [Simple-evcorr-users] Looking For A Better Way To Do A Rule-Set. Boyles, Gary P
• 2013/06/28 Re: [Simple-evcorr-users] Looking For A Better Way To Do A Rule-Set. Risto Vaarandi
• 2013/06/28 Re: [Simple-evcorr-users] Variable Replacement for a specific event. Boyles, Gary P
• 2013/06/28 Re: [Simple-evcorr-users] Looking For A Better Way To Do A Rule-Set. Boyles, Gary P
• 2013/06/28 Re: [Simple-evcorr-users] Variable Replacement for a specific event. Boyles, Gary P
• 2013/06/28 Re: [Simple-evcorr-users] Variable Replacement for a specific event. Risto Vaarandi
• 2013/06/28 Re: [Simple-evcorr-users] Looking For A Better Way To Do A Rule-Set. Risto Vaarandi
• 2013/06/28 Re: [Simple-evcorr-users] Variable Replacement for a specific event. Aaron . Erickson
• 2013/06/28 [Simple-evcorr-users] Variable Replacement for a specific event. Boyles, Gary P
• 2013/06/28 Re: [Simple-evcorr-users] Looking For A Better Way To Do A Rule-Set. Boyles, Gary P
• 2013/06/27 Re: [Simple-evcorr-users] Looking For A Better Way To Do A Rule-Set. David Lang
• 2013/06/27 [Simple-evcorr-users] Looking For A Better Way To Do A Rule-Set. Boyles, Gary P
• 2013/06/27 Re: [Simple-evcorr-users] SEC-2.7.4 released Orangepeel Beef
• 2013/06/27 Re: [Simple-evcorr-users] rsyslog omprog + SEC David Lang
• 2013/06/27 [Simple-evcorr-users] SEC-2.7.4 released Risto Vaarandi
• 2013/06/27 Re: [Simple-evcorr-users] rsyslog omprog + SEC Risto Vaarandi
• 2013/06/26 Re: [Simple-evcorr-users] rsyslog omprog + SEC Orangepeel Beef

• Earlier messages
• Later messages