Re: [ossec-list] Custom Rule Debugging

Nick Davies Mon, 17 Sep 2012 10:14:55 -0700

>
> archives.log message:
> 2012 Sep 17 00:00:01 ix->/var/log/messages Sep 17 00:00:01 ix syslogd: restart
>
> Header:
> 2012 Sep 17 00:00:01 ix->/var/log/messages
>
> Log message without header:
> Sep 17 00:00:01 ix syslogd: restart


I have:
2012 Sep 17 16:54:28 )agent_name) apent_id->powershell -File
C\/OSSEC-Test/OSSEC/ossec_read_new_xml_logs.ps1 [script parameters]
ossec: output: 'powershell -File
C\/OSSEC-Test/OSSEC/ossec_read_new_xml_logs.ps1 [script parameters]':
[script output]

Which part of this would be the header?

Regards,

Nick

Re: [ossec-list] Custom Rule Debugging

Reply via email to