Re: [ossec-list] Windows override Audit Events. Decoder

2017-02-17 Thread dan (ddp)
On Fri, Feb 17, 2017 at 6:04 AM, Casimiro wrote: > I'm trying to override the windows decoder to extract more fields (in > local_decoder.xml), like source ip, destination ip, source port, > > This is my local decoder for windows > > >windows >AUDIT_FAILURE(51512) >Source Address:\s+(\

Re: [ossec-list] Suppressing notification {Scanned}

2017-02-17 Thread dan (ddp)
On Fri, Feb 17, 2017 at 9:14 AM, Göran Lundberg wrote: > It's working perfectly. Hope you can add it to the default rules for > mailscanner. The script is run four times a day. It's really annoying > getting 4 unnecessary emails per day. > Removing 4 unnecessary emails/day from my inbox wouldn't

Re: [ossec-list] Suppressing notification {Scanned}

2017-02-17 Thread Göran Lundberg
It's working perfectly. Hope you can add it to the default rules for mailscanner. The script is run four times a day. It's really annoying getting 4 unnecessary emails per day. Thanks a lot for the help! Best regards Göran Lundberg "dan (ddp)" wrote: (15 February 2017 22:17:23 CET) >On Wed

[ossec-list] Windows override Audit Events. Decoder

2017-02-17 Thread Casimiro
I'm trying to override the windows decoder to extract more fields (in local_decoder.xml), like source ip, destination ip, source port. This is my local decoder for windows windows AUDIT_FAILURE(51512) Source Address:\s+(\d+.\d+.\d+.\d+) srcip When I put new decoder in local_decode

[ossec-list] override ossec decoder for windows

2017-02-17 Thread Casimiro
I'm trying to extract new fields from Windows Event Log. I'm doing a new decoder in local_decoder.xml. I want to extract source ip, destination ip, source port, destination port.
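For readers landing on this thread with the same question, here is a complete child decoder of the kind the posts above describe. It is an added example, not Casimiro's decoder or anything shipped with OSSEC. Assumed: the decoder name windows-audit-net is made up; the event body is taken to carry "Source Address:", "Source Port:", "Destination Address:" and "Destination Port:" lines separated by ordinary spaces once the agent has flattened the event text (the Windows Filtering Platform audit layout); the AUDIT_FAILURE(51512) prematch is copied from the post as written, so substitute the event ID you actually see in the WinEvtLog line.

```xml
<!-- Added example for /var/ossec/etc/local_decoder.xml; not the poster's
     decoder and not part of OSSEC's decoder.xml.
     Assumptions: decoder name is invented; the event body contains
     "Source Address:", "Source Port:", "Destination Address:" and
     "Destination Port:" fields separated by spaces; the event ID is the
     one used in the post. -->
<decoder name="windows-audit-net">
  <!-- Hang off the stock windows decoder so its own fields (status, id,
       system_name, ...) are still populated before this one runs. -->
  <parent>windows</parent>

  <!-- Only continue for failure audits with this event ID. OSSEC regex
       treats bare parentheses as grouping, so the literal ones in the
       event header are escaped. -->
  <prematch offset="after_parent">AUDIT_FAILURE\(51512\)</prematch>

  <!-- In OSSEC's regex dialect a bare "." is a literal dot and "\." is
       the any-character wildcard, so \d+.\d+.\d+.\d+ matches a dotted
       IPv4 address and \.+ skips the text between fields. Captures are
       assigned to the <order> names in sequence. -->
  <regex offset="after_prematch">Source Address:\s+(\d+.\d+.\d+.\d+)\.+Source Port:\s+(\d+)\.+Destination Address:\s+(\d+.\d+.\d+.\d+)\.+Destination Port:\s+(\d+)</regex>
  <order>srcip, srcport, dstip, dstport</order>
</decoder>
```

After saving the file, check it before restarting: run /var/ossec/bin/ossec-logtest as root and paste one complete WinEvtLog line from the agent (the whole line starting with "WinEvtLog:", not just the message body). Phase 2 of the output names the decoder that matched and prints the extracted srcip, srcport, dstip and dstport values; if it still reports only the parent "windows" decoder, the prematch did not match and the event ID or header text needs adjusting. Once logtest shows the fields, restart with /var/ossec/bin/ossec-control restart so the analysis daemon picks up local_decoder.xml, and rules can then use <srcip>, <dstip>, <srcport> and <dstport> conditions on these events.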