My web server's logs are being decoded as 'pure-transfer' instead of as an 
apache log due to the time format, which includes a dash '-'. If I remove 
the dash, then the logs are decoded as apache logs. I believe I have two 
options: 1) change the precedence of the decoders, giving priority to 
apache or 2) update the format of the logs in my apache config. Please 
explain how I would change the precedence or perhaps there is a better 
solution?

My OSSEC server is running OSSEC HIDS v2.8.3.

*SAMPLE LOG FILE:*
46.229.168.71 - - [29/Jan/2017:06:34:13 -0800] "GET /web/guest/community-action1%3BOldBars58@jsessionid%3D194335F9E14CFE295BDBAACC95467F6D HTTP/1.1" 404 27590 "-" "Mozilla/5.0 (compatible; SemrushBot/1.2~bl; +http://www.semrush.com/bot.html)"

Thank you,

Gil Vidals
Etica, Inc.
