Skip to content

Instantly share code, notes, and snippets.

@jrossi

jrossi/gist:8677240

Created January 28, 2014 21:50
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jrossi/8677240 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jrossi/8677240 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
poop :: ossec-hids-clean/src/analysisd ‹master*› # ./ossec-logtest
2014/01/28 21:49:45 ossec-testrule: INFO: Reading local decoder file.
2014/01/28 21:49:46 ossec-testrule: INFO: Started (pid: 31034).
ossec-testrule: Type one log per line.
Nov 8 13:57:02 poop rsyslogd: rsyslogd's userid changed to 101
**Phase 1: Completed pre-decoding.
full event: 'Nov 8 13:57:02 poop rsyslogd: rsyslogd's userid changed to 101'
hostname: 'poop'
program_name: 'rsyslogd'
log: 'rsyslogd's userid changed to 101'
**Phase 2: Completed decoding.
No decoder matched.
Jan 22 13:44:00 ossec bash root[3103] 10.207.53.15 52805 10.207.53.94 22: cat bash.log
**Phase 1: Completed pre-decoding.
full event: 'Jan 22 13:44:00 ossec bash root[3103] 10.207.53.15 52805 10.207.53.94 22: cat
bash.log'
hostname: 'ossec'
program_name: '(null)'
log: 'bash root[3103] 10.207.53.15 52805 10.207.53.94 22: cat bash.log'
**Phase 2: Completed decoding.
No decoder matched.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment