On Wed, Feb 1, 2012 at 2:49 PM, Kat uncommon...@gmail.com wrote:
What am I missing - it just keeps firing on the windows-date-format --
so frustrating, it must be simple, I am just blind today:
Either put it before the windows-date-format decoder or make it a
child of that decoder.
Logentry:
What am I missing - it just keeps firing on the windows-date-format --
so frustrating, it must be simple, I am just blind today:
Logentry:
2012-01-12 15:19:58 Package: attack.vector:
removing(string1,string2,string3) by administrator
decoder:
decoder name=fw-private
