[ossec-cvs] ossec-hids: decoder.xml (HEAD) [dcid]
Module name: ossec-hids
Changes by: dcid 07/08/25 10:24:02
Modified files:
decoder.xml
Log message:
Description: Adding support for MySQL logs (.err and .log). Adding support for PostgreSQL as a database output. A few more fixes for the hostinfo stuff... (yes, long morning -- you got to love Saturdays)
Reviewed by: dcid
Bug:
Index: decoder.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/decoder.xml,v
diff -u -r1.121 -r1.122
--- decoder.xml 22 Aug 2007 00:39:31 -0000 1.121
+++ decoder.xml 25 Aug 2007 13:24:01 -0000 1.122
@@ -73,6 +73,7 @@
<order>srcip</order>
</decoder>
+
<!-- SSH decoder.
- Will extract username and srcip from the logs.
@@ -185,7 +186,6 @@
- Jun 2 09:54:28 valhalla in.telnetd[19723]: [ID 927837 local2.info] connect from external.example.net
- Jun 2 09:54:28 valhalla telnetd[19723]: [ID 485252 daemon.info] ttloop: peer died: Error 0
-->
-
<decoder name="telnetd">
<program_name>^telnetd|^in.telnetd</program_name>
</decoder>
@@ -197,6 +197,7 @@
</decoder>
+
<!--
- Samba decoder.
- Will extraxt the username/srcip
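Review bot: the context line `- Will extraxt the username/srcip` in the Samba decoder comment has a typo ("extract"); since this hunk only adds a blank line above that comment block, it would be cheap to fix the spelling in the same change.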
@@ -388,6 +389,19 @@
<regex offset="after_prematch">^(\d+.\d+.\d+.\d+) (\S+)</regex>
<order>srcip, extra_data</order>
<fts>name, srcip, extra_data</fts>
+</decoder>
+
+
+
+<!-- MySQL decoder.
+ - Examples:
+ - MySQL log: 060516 22:38:46 mysqld started
+ - MySQL log: 060516 22:38:46 mysqld ended
+ - MySQL log: 070823 21:23:08 2 Query INSERT INTO signature(id, rule_id, level, description) VALUES (NULL, '18103','5','Windows error event.') ON DUPLICATE KEY UPDATE level='5'
+ - 070824 11:33:51 6 Connect Access denied for user 'roota'@'localhost' (using password: YES)
+ -->
+<decoder name="mysql_log">
+ <prematch>^MySQL log:</prematch>
</decoder>
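Review bot: the new `mysql_log` decoder will not match the last example it documents. Its only condition is `<prematch>^MySQL log:</prematch>`, yet the fourth example line (`070824 11:33:51 6 Connect Access denied for user 'roota'@'localhost' (using password: YES)`) carries no `MySQL log:` prefix, so either that example is wrong or the prefix is added by the collector and the comment should say so. The decoder also has no `<regex>`/`<order>` block, so nothing from the line (user, host, query) is extracted; the neighbouring decoder in the context above shows the pattern (`<regex offset="after_prematch">...` with `<order>srcip, extra_data</order>`), and without it a rule for the access-denied case has no user or source field to work with. Finally, three blank lines are added before the comment block where the rest of the file uses one.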
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.