I started with this but no succes so far.
$BAD WORDS:
test
ERROR
(\S+)
extra_data
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to o
Hello sorry for bothering you, but maybe you could help me with my custom
decoder(which doesnt work).I wanna create a custom decoder to alert my on
email when i put some text like 'error".
log file format:
2018-09-03 WARN test
2018-09-03 ERROR test text to be alerted
2018-09-03 INFO
2018-09
Something like this ?
ossec-exampled
^$BAD_WORDS
^ERROR
srcip, action
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@goo
Something like this ?
test
$BAD_WORDS
^BAD_WORDS \S+ \p(\S+)\p$|^BAD_WORDS \S+ \p(\S+)\p$
srcip, action
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
