>
> Hi Dan,
>
now the new decoder work
[root@serverossec etc]# ../bin/ossec-logtest
2018/11/14 15:51:13 ossec-testrule: INFO: Reading local decoder file.
2018/11/14 15:51:13 ossec-testrule: INFO: Started (pid: 64288).
ossec-testrule: Type one log per line.
Nov 12 18:51:51 mailserver dovecot Nov 12 18:51:49 imap-login: Info:
Disconnected (auth failed, 1 attempts in 6 secs): user=<i...@cacirro.it>,
method=PLAIN, rip=154.64.218.77, lip=10.12.14.11, TLS,
session=<mYSbWnt6E9aaQNpN>
**Phase 1: Completed pre-decoding.
full event: 'Nov 12 18:51:51 mailserver dovecot Nov 12 18:51:49
imap-login: Info: Disconnected (auth failed, 1 attempts in 6 secs):
user=<i...@cacirro.it>, method=PLAIN, rip=154.64.218.77, lip=10.12.14.11,
TLS, session=<mYSbWnt6E9aaQNpN>'
hostname: 'mailserver'
program_name: '(null)'
log: 'dovecot Nov 12 18:51:49 imap-login: Info: Disconnected (auth
failed, 1 attempts in 6 secs): user=<i...@cacirro.it>, method=PLAIN,
rip=154.64.218.77, lip=10.12.14.11, TLS, session=<mYSbWnt6E9aaQNpN>'
**Phase 2: Completed decoding.
decoder: 'dovecot2'
**Phase 3: Completed filtering (rules).
Rule id: '1002'
Level: '2'
Description: 'Unknown problem somewhere in the system.'
**Alert to be generated.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
