Wonderful, thanks for your positive feedback Jb Cheng! :)
I'd be most interested, is there any way to spread the news?
I haven't checked IRC yet, are there many Europeans hanging out there?
maybe this question can also be posted on the OSSEC website or through
Daniel's blog?
what other major
Hi all,
How can I parse JSON log format with OSSEC? According to the docs, the
closest log format supported by OSSEC is multiline, but I don't see
how I can configure this ...
--
CL Martinez
carlopmart {at} gmail {d0t} com
I am brand new to Ossec and I am trying to monitor an agent's file
/var/path/something/php.log.
I know I have to set up a decoder and rules for this, except for the life of
me, I cannot figure any of this out.
Ossec's documentation on accomplishing this is meh at best.
How can I set up the
On Fri, Oct 25, 2013 at 1:42 PM, Gabriel Holder gavysdom...@gmail.com wrote:
I am brand new to Ossec and I am trying to monitor an agent's file
/var/path/something/php.log.
I know I have to set up a decoder and rules for this, except for the life of
me, I cannot figure any of this out.
Ossec's
Here is my decoder file:
<!-- Custom decoder for example -->
<decoder name="php-app">
  <prematch>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d</prematch>
</decoder>
<decoder name="php-app-alert">
  <parent>php-app</parent>
  <regex offset="after_parent">^ (\d+.\d+.\d+.\d+) PHP app</regex>
  <order>srcip</order>
On Fri, Oct 25, 2013 at 2:11 PM, Gabriel Holder gavysdom...@gmail.com wrote:
Here is my decoder file:
This is local_decoder.xml correct?
<!-- Custom decoder for example -->
<decoder name="php-app">
  <prematch>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d</prematch>
</decoder>
decoder
On Friday, October 25, 2013 2:18:27 PM UTC-4, dan (ddpbsd) wrote:
On Fri, Oct 25, 2013 at 2:11 PM, Gabriel Holder
gavys...@gmail.com
wrote:
Here is my decoder file:
This is local_decoder.xml correct?
Yes it is.
<!-- Custom decoder for example -->
decoder
Yes, I am using local_decoder.xml
It does not seem to have any nested group tags.
Each group has its own entry.
What logs would you like specifically?
On Friday, October 25, 2013 2:18:27 PM UTC-4, dan (ddpbsd) wrote:
On Fri, Oct 25, 2013 at 2:11 PM, Gabriel Holder
On Fri, Oct 25, 2013 at 2:25 PM, Gabriel Holder gavysdom...@gmail.com wrote:
On Friday, October 25, 2013 2:18:27 PM UTC-4, dan (ddpbsd) wrote:
On Fri, Oct 25, 2013 at 2:11 PM, Gabriel Holder gavys...@gmail.com
wrote:
Here is my decoder file:
This is local_decoder.xml correct?
Yes it is.
Ok, so here is an extract of the log file I'm monitoring:
[21-Oct-2013 05:00:01] PHP Fatal error: require_once(): Failed opening
required 'global.php'
(include_path='.:/usr/share/pear:/usr/local/pear/share/pear:/php/includes:/home/along/PHPUnit-3.6.10')
in
I got rid of the error. For some reason it was not reading my
local_decoder.xml
I had to update the main decoder.xml file
Error is gone but I am still not sure how to properly test this.
On Friday, October 25, 2013 3:01:43 PM UTC-4, Gabriel Holder wrote:
Ok, so here is an extract of the log
On 25.10.2013 14:52, Gabriel Holder wrote:
I got rid of the error. For some reason it was not reading my
local_decoder.xml
It is probably a permissions issue.
I had to update the main decoder.xml file
Your work will be lost when you upgrade. Always use local_decoder.xml.