Re: [ossec-list] ossec server 2.9.0 WinEvt problems

2017-02-10 Thread Chris Snyder
or it was broken before and now correctly works, I'm not sure, but definitely something changed.

On Thursday, February 9, 2017 at 3:37:13 PM UTC-5, dan (ddpbsd) wrote:
> On Thu, Feb 9, 2017 at 3:25 PM, Chris Snyder <dago...@gmail.com> wrote:
> > Your new windows decoder r

Re: [ossec-list] ossec server 2.9.0 WinEvt problems

2017-02-09 Thread Chris Snyder
system_name > name, location, system_name > > > > windows > windows >Source Network Address: (\S+) > srcip > > > > windows > windows >Account Name: (\S+) Account > user > > > > On Thu, Feb 9, 2017 at 10:50 AM,

Re: [ossec-list] ossec server 2.9.0 WinEvt problems

2017-02-09 Thread Chris Snyder
> status, id, extra_data, user, system_name > name, location, system_name > > > > windows > windows >Source Network Address: (\S+) > srcip > > > > windows > windows >Account Name: (\S+) Account > user >

[ossec-list] ossec server 2.9.0 WinEvt problems

2017-02-09 Thread Chris Snyder
I just updated my CentOS 6 OSSEC server using the Atomic RPMs from 2.8.3-53 to 2.9.0-48. Before the updates, my Windows server logs were processed fine. After the updates, ALL my Windows logs are no longer being decoded correctly. Using ossec-logtest, and a test log entry of 2017 Feb 08