I don't think you can. How would ossec-logtest know where the log
message came from if you paste the message to stdin?
On Mon, Mar 7, 2011 at 5:22 PM, Shaikat Majumdar
wrote:
> How would you go about testing this feature () ... with
> ossec-logtest ?
>
> The way I am setting this up is I using th
.
Regards
Tanishk Lakhaani
-Original Message-
From: Shaikat Majumdar
Sender: ossec-list@googlegroups.com
Date: Mon, 07 Mar 2011 15:49:54
To: ossec-list
Reply-To: ossec-list@googlegroups.com
Subject: [ossec-list] Does OSSEC pre-decoding provide a way to glean
How would you go about testing this feature () ... with
ossec-logtest ?
The way I am setting this up is I am using the tag for
specifying the log file location in the /var/ossec/etc/shared/agent.conf
file.
In the alert log (this is based on a custom rule that I have defined) I
can see my rule
k thanks for the reply... I'll try that.. if it doesn't work.. I'll just quote
u and tell my employer how unsupported the web ui is!
Hopefully, he will get over it
xD
On Mon, 2011-03-07 at 15:58 -0500, dan (ddp) wrote:
> You can try . I can't find any real documentation on it at
> the moment, and I do
wow I hate replying to emails like this... I saw ur name and replied to
a wrong post
!!!
PFFTTT
On Mon, 2011-03-07 at 15:58 -0500, dan (ddp) wrote:
> You can try . I can't find any real documentation on it at
> the moment, and I don't think I've done any real testing with it.
>
> On Mon, Mar 7
You can try . I can't find any real documentation on it at
the moment, and I don't think I've done any real testing with it.
On Mon, Mar 7, 2011 at 3:49 PM, Shaikat Majumdar
wrote:
> Does OSSEC pre-decoding provide a way to glean the log filename causing an
> alert ?
>
> If not, can this be done
Does OSSEC pre-decoding provide a way to glean the log filename causing
an alert ?
If not, can this be done using a custom-defined decoder ?
--
Shaikat Majumdar
Millburn Ridgefield Corporation