Hi Victor,
> There is a recent commit related to this issue:
> https://github.com/ossec/ossec-hids/commit/8d16a383a280e301d8d3e6441cfc75482
> 222445e
>
> The thing is that the process ossec-agentd runs –and should run– as user
> *ossec*. Those files should have *ossec* as owner and permissions 64
hanging the
owner of the above files from root to ossec it seems to work again (at least
there are no errors in the log and the changed time of the files is updated).
Question: Should ossec-agentd run as root instead or should the owner of those
files be "ossec" or anything else
Thank you for your response. The decoder you posted works perfectly.
In the prematch you included a second option which isn't necessary in my
case (but there might be logs were it is needed).
Here are two full log entries to use in tests (I changed our domain, but
that should make no difference
way to overwrite a decoder (or have I completely missed some
different way to solve this problem)?
I hope this is the correct list to ask this question and thank you for any
ideas.
Regards,
Tobias Margiani
--
---
You received this message because you are subscribed to the Google Groups
&quo