The log of Apache 2.4.20_1 on FreeBSD is much more complex than the decoder 
expects; the standard config can't understand it. 

I added this instruction to the prematch of the apache-errorlog decoder, and now the 
decoder can understand the log:

^[\w+ \w+ \d+ \d+:\d+:\d+.\d+ \d+] [:error] [pid \d+] [client \d+.\d+.\d+.\d+:\d+]

<prematch>^[warn] |^[notice] |^[error] |^[:error] |^[\w+ \w+ \d+ \d+:\d+:\d+.\d+ \d+] [:error] [pid \d+] [client \d+.\d+.\d+.\d+:\d+] </prematch>

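An offline check of the prematch from the message above, added here as an example and not part of the original post or of OSSEC: it translates the small os_regex subset the pattern uses into Python and shows which lines the prematch accepts with and without the added alternative. The helper names, the character-class approximation and the sample log lines are assumptions constructed for illustration.

```python
import re

# OSSEC os_regex classes used on this page (approximated as Python classes).
CLASSES = {"w": "[A-Za-z0-9@_-]", "d": "[0-9]"}

def ossec_to_re(pattern):
    """Translate the os_regex subset used here: \\w, \\d, +, *, ^ and |.
    Every other character, including '[' and '.', is a literal."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and pattern[i + 1:i + 2] in CLASSES:
            out.append(CLASSES[pattern[i + 1]])
            i += 2
            if pattern[i:i + 1] in ("+", "*"):  # quantifier on the class
                out.append(pattern[i])
                i += 1
        elif ch in "^|":
            out.append(ch)
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return re.compile("".join(out))

# Prematch from the message, without and with the added alternative.
PREMATCH_BEFORE = "^[warn] |^[notice] |^[error] |^[:error] "
ADDED = (r"^[\w+ \w+ \d+ \d+:\d+:\d+.\d+ \d+] [:error] "
         r"[pid \d+] [client \d+.\d+.\d+.\d+:\d+] ")
PREMATCH_AFTER = PREMATCH_BEFORE + "|" + ADDED

# Constructed sample lines (not taken from a real server).
SAMPLES = [
    "[Mon May 02 10:15:42.123456 2016] [:error] [pid 4321] "
    "[client 192.0.2.10:51544] script '/usr/local/www/t.php' not found",
    "[error] [client 192.0.2.10] File does not exist: /usr/local/www/favicon.ico",
    "[Mon May 02 10:15:43.000123 2016] [core:error] [pid 4321:tid 34380] "
    "[client 192.0.2.10:51544] AH00126: Invalid URI in request",
]

def prematch_results(line):
    """Return (matched_before, matched_after) for one log line."""
    return (bool(ossec_to_re(PREMATCH_BEFORE).search(line)),
            bool(ossec_to_re(PREMATCH_AFTER).search(line)))

if __name__ == "__main__":
    for line in SAMPLES:
        print(prematch_results(line), line[:60])
```

The third sample shows the limit of the added alternative: it is tied to the literal `[:error]` tag and a bare `[pid N]`, so Apache 2.4 lines that carry a module name or a `pid:tid` pair still fall through to no decoder.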