Hello, I've been trying to use a cdb to alert on access to bad urls with ossec.
The cdb format is the following: key1:value key2:value As you see the delimiter is predefined as the character ':' So my problem is that when the key must be a url, it surely must have : somewhere in it, let's say https://groups.google.com/forum As you see there will always be a : somewhere inside a valid url. So the list before compiling should look like: https://docs.python.org/3/library/os.html:suspicious https://stackabuse.com/read-a-file-line-by-line-in-python/:malicious How can I surpass that obstacle (double : in every entry) when compiling the cdb list with ossec-makelists? Any ideas? Has anyone done something similar before? Thanks in advance and have a nice day. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/8b85061b-f7a7-4a03-b527-505ed4a99702%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
