On Wednesday, 14 November 2012 17:02:47 UTC+1, dan (ddpbsd) wrote:
On Wed, Nov 14, 2012 at 9:49 AM, Michiel van Es vanesm...@gmail.com wrote:
Hello,
I am trying to set up a local_decoder.xml entry to decode our Clavister log
entries.
The clavister
Hello,
I am trying to set up a local_decoder.xml entry to decode our Clavister log
entries.
The clavister logfiles show only outgoing dropped traffic, for example:
Nov 14 12:19:53 10.170.80.3 [2012-11-14 12:20:08] EFW: RULE: prio=6
id=0651 rev=1 event=ruleset_drop_packet action=drop
try changing your prematch tag to
<prematch>^\w\w\w \d\d \d\d:\d\d:\d\d</prematch>
see here: http://www.ossec.net/doc/manual/rules-decoders/create-custom.html
-AK
On Wed, Nov 14, 2012 at 8:49 AM, Michiel van Es vanesmich...@gmail.com wrote:
Hello,
I am trying to set up a local_decoder.xml entry
On Wed, Nov 14, 2012 at 9:49 AM, Michiel van Es vanesmich...@gmail.com wrote:
Hello,
I am trying to set up a local_decoder.xml entry to decode our Clavister log
entries.
The clavister logfiles show only outgoing dropped traffic, for example:
Nov 14 12:19:53 10.170.80.3 [2012-11-14 12:20:08]