subject:"\[ossec\-list\] Re\: CDB format problem"

[ossec-list] Re: CDB format problem

2019-07-17 Thread Brian Candler

On Tuesday, 16 July 2019 13:44:33 UTC+1, Kyriakos Stavridis wrote:
>
> How can I surpass that obstacle (double : in every entry) when compiling 
> the cdb list with ossec-makelists? Any ideas?
>
>
Looking in src/analysisd/lists_make.c, it appears that both keys and values 
can be surrounded by double quotes, which should solve your problem (if the 
code works).
 
Otherwise, CDB  files are 8-bit clean.  You 
could compile them with the native cdbmake 
 utility instead, which has a different 
input format with explicit lengths for key and value parts.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/33153216-43bf-4a86-9830-862d33c1f3cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Re: CDB format problem

2019-07-18 Thread Kyriakos Stavridis

Tested your 1st point, doesn't seem to work. I tried inserting 
"192.168.1.x" instead of 192.168.1.x (which I know it worked), and I didn't 
get a match.


On Wednesday, July 17, 2019 at 12:46:39 PM UTC+3, Brian Candler wrote:
>
> On Tuesday, 16 July 2019 13:44:33 UTC+1, Kyriakos Stavridis wrote:
>>
>> How can I surpass that obstacle (double : in every entry) when compiling 
>> the cdb list with ossec-makelists? Any ideas?
>>
>>
> Looking in src/analysisd/lists_make.c, it appears that both keys and 
> values can be surrounded by double quotes, which should solve your problem 
> (if the code works).
>  
> Otherwise, CDB  files are 8-bit clean.  You 
> could compile them with the native cdbmake 
>  utility instead, which has a 
> different input format with explicit lengths for key and value parts.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/6c4a6b2e-0048-4e6a-bdc1-16058a18227d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Re: CDB format problem

2019-07-18 Thread Brian Candler

My mistake: I was looking at source code from wazuh 
.  
The corresponding code in ossec 
 
doesn't support double quotes.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/c365dab6-722d-4588-ac1f-a1666e847e44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Re: CDB format problem

[ossec-list] Re: CDB format problem

[ossec-list] Re: CDB format problem

3 matches

Site Navigation

Mail list logo

Footer information