[ossec-list] Re: How do you configure ossec send unknown log messages to you?
- To: ossec-list@xxxxxxxxxxxxxxxx
- From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
- Date: Thu, 5 Apr 2007 22:46:58 -0300
- Cc: andrew@xxxxxxxxxxxxxxxxxxxx
Hi Andrew,
You may get a lot of useless messages, but just create a local rule like that:
<rule id="100001" level="1">
  <description>Non-parsed message...</description>
</rule>
And everything that is not parsed by others will go into this one.
When you write your decoders/rules, please share them with us!
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 4/4/07, andrew@xxxxxxxxxxxxxxxxxxxx <andrew@xxxxxxxxxxxxxxxxxxxx> wrote:
I would like to get a notice if there is a log message that the ossec does not understand. For example if I run
bash$ logger "something ossec does not know about"
I would like to get an alert about it so that I can write a decoder / rule for the message.
Is there a good way to do that?
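
A way to triage what the catch-all rule collects, as an added example that is not part of the original message or of OSSEC itself. It assumes alerts in the layout of OSSEC's alerts.log (the layout, the sample lines and the function names are constructed for illustration), keeps the alerts fired by rule 100001, and groups the raw log lines by program and digit-normalized text so the most frequent undecoded sources surface first.

```python
import re
from collections import Counter

# Constructed sample in the assumed alerts.log layout; not taken from the post.
SAMPLE_ALERTS = """\
** Alert 1175823001.100: - syslog,
2007 Apr 05 22:30:01 box->/var/log/messages
Rule: 100001 (level 1) -> 'Non-parsed message...'
Apr  5 22:30:01 box andrew: something ossec does not know about
** Alert 1175823050.420: - syslog,sshd,
2007 Apr 05 22:30:50 box->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
Apr  5 22:30:50 box sshd[811]: Failed password for root from 192.0.2.10 port 4022 ssh2
** Alert 1175823090.800: - syslog,
2007 Apr 05 22:31:30 box->/var/log/messages
Rule: 100001 (level 1) -> 'Non-parsed message...'
Apr  5 22:31:30 box backupd[4412]: job 17 finished in 93s
** Alert 1175823150.990: - syslog,
2007 Apr 05 22:32:30 box->/var/log/messages
Rule: 100001 (level 1) -> 'Non-parsed message...'
Apr  5 22:32:31 box backupd[4420]: job 18 finished in 101s
"""

RULE_LINE = re.compile(r"^Rule: (\d+) \(level \d+\) -> ")
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([^\s:\[]+)(?:\[\d+\])?: (.*)$")
META = ("Src IP:", "User:", "Dst IP:", "Src Port:", "Dst Port:")

def unparsed_messages(text, rule_id="100001"):
    """Return the raw log lines of alerts fired by the catch-all rule."""
    out = []
    for block in text.split("** Alert ")[1:]:
        lines = [l for l in block.splitlines() if l.strip()]
        idx = next((i for i, l in enumerate(lines) if RULE_LINE.match(l)), None)
        if idx is None or RULE_LINE.match(lines[idx]).group(1) != rule_id:
            continue  # alert came from a rule that already understands the log
        out += [l for l in lines[idx + 1:] if not l.startswith(META)]
    return out

def decoder_candidates(text, rule_id="100001"):
    """Count unparsed messages per (program, template); digit runs become N."""
    counts = Counter()
    for line in unparsed_messages(text, rule_id):
        m = SYSLOG.match(line)
        program, msg = (m.group(1), m.group(2)) if m else ("?", line)
        counts[(program, re.sub(r"\d+", "N", msg))] += 1
    return counts.most_common()
```
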
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.