[ossec-list] Re: Decoding long messages - multiple regex statements

2016-08-17 Thread Fredrik
Hi Jesus! Hope you have had a nice summer so far :) I'm revisiting this decoder with, what I hoped would be, a fresh (rested) pair of eyes ;) Unfortunately, I realize I still have trouble sorting this one out in an efficient manner. I was hoping I could ask you for a few additional pointers es

[ossec-list] I need help to ignore a Host Login

2016-08-17 Thread Pedro dal toe
We are doing monitoring with Zabbix, where Zabbix logs in to the machine via SSH and checks whether the line "INFO: Connected to the server" is in the /var/ossec/logs/ossec.log file, but we are getting login alerts. I looked for some ignores or white lists, but found none; if someone can help me, thank you.

Re: [ossec-list] I need help to ignore a Host Login

2016-08-17 Thread dan (ddp)
On Wed, Aug 17, 2016 at 2:50 PM, Pedro dal toe wrote: > We are doing monitoring with Zabbix, where Zabbix logs in to the machine via SSH and > checks whether the line "INFO: Connected to the server" is in the > /var/ossec/logs/ossec.log file, but we are getting login alerts. > I looked for some ignores or white lists,

Re: [ossec-list] Parent decoder's fields are not parsed when child decoder is present

2016-08-17 Thread dan (ddp)
On Aug 17, 2016 4:37 PM, "Michael P." wrote: > > I am experiencing an issue where the presence of a child decoder prevents the fields in the parent decoder from being decoded. > > We log all bash commands made by users on our systems. The format of these log messages looks like this: > Aug 17 12:41

[ossec-list] Parent decoder's fields are not parsed when child decoder is present

2016-08-17 Thread Michael P.
I am experiencing an issue where the presence of a child decoder prevents the fields in the parent decoder from being decoded. We log all bash commands made by users on our systems. The format of these log messages looks like this: Aug 17 12:41:22 mars31 bash: HISTORY: PID=45234 UID=0(vader) who