Could you give me the url with –V one?
I would like to install it.
From:
ossec-list@xxxxxxxxxxxxxxxx [mailto:ossec-list@xxxxxxxxxxxxxxxx] On Behalf Of Meir Michanie
Sent: Tuesday, September 05, 2006
8:38 PM
To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: please
give me some logs
We couldn't reproduce it.
Yesterday we added a -V switch to all daemons in cvs.
can you add at wiki the raw alert log (replace IPs ...) but keep the spaces and
structure intact.
You are not the only one with this problem ( there is one more user reporting
it).
On 9/5/06, |SaMaN|
<saman@xxxxxxxxxxxx> wrote:
So what do you think about my logs ?
Subject: [ossec-list] Re:
please give me some logs
We couldn't reproduce a log output like yours.
so if you can copy paste your log from /var/ossec/logs/alerts into the wiki
page, one or to entries is enough
On
9/5/06, |SaMaN| <saman@xxxxxxxxxxxx>
wrote:
I would like to learn something then. I sent you a log of
mine so it is problematic or a specific problem to me only ?
Hi
everybody,
I am commited to help ppl with ossec2mysql problems.
I am also interested in developing some tools that will help us cleanup log
files before posting to the list, etc.
Therefore I need different alert log samples. I added two samples at wiki
under:
http://www.ossec.net/wiki/index.php/OSSEC_alerts_log_format
if you log file is different add it to the page.
do not edit the alert in any way but replacing IP and domain names. so we
can use the alert ofr regex and parsing.
TIA.