I don't think this is limited to ossec-logtest. When using decoded_as in a rule where the decoded_as value is the name of a child decoder that also has use_own_name defined, it doesn't work. However, if you change the decoded_as element to the parent decoder name, then the rule works.
I don't remember the use_own_name stuff ever working the way I thought it
should work. So either it's busted or I don't understand it. Either way,
I've ignored it for 4 years.
Yeah, I haven't had a need to focus on IIS logs until recently. I, like many others I'm sure, assumed it "just worked." It looks like it probably never worked.
The <use_own_name> decoder option does not work in ossec-logtest. More info here: https://groups.google.com/forum/#!msg/ossec-list/TtFKNnaA6SA/yWaKXCuV5z4J
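The configuration described in this thread, as an added example that is not part of the original issue or the OSSEC project's own files: a child decoder with `use_own_name`, a rule keyed on the child name (the form reported as not matching), and a rule keyed on the parent name (the reported workaround). The decoder names, rule IDs, log format and the extra `<match>` filter are constructed for illustration.

```xml
<!-- local_decoder.xml (constructed; decoder names are hypothetical) -->
<!-- Constructed sample line these decoders target:
     example-app: login user=alice src=192.0.2.10 -->
<decoder name="example-app">
  <prematch>^example-app: </prematch>
</decoder>

<decoder name="example-app-login">
  <parent>example-app</parent>
  <!-- Asks for events to carry the child's name instead of the parent's -->
  <use_own_name>true</use_own_name>
  <prematch offset="after_parent">^login </prematch>
  <regex offset="after_prematch">^user=(\S+) src=(\S+)</regex>
  <order>user, srcip</order>
</decoder>

<!-- local_rules.xml (constructed; IDs taken from the local range) -->
<group name="local,example-app,">
  <!-- Form reported in this thread as not working:
       decoded_as names the child decoder that sets use_own_name -->
  <rule id="100100" level="3">
    <decoded_as>example-app-login</decoded_as>
    <description>example-app login (keyed on child decoder name)</description>
  </rule>

  <!-- Workaround reported in this thread: decoded_as names the parent.
       The match filter is an addition here, used to narrow the rule to
       the lines the child decoder was written for. -->
  <rule id="100101" level="3">
    <decoded_as>example-app</decoded_as>
    <match>login user=</match>
    <description>example-app login (keyed on parent decoder name)</description>
  </rule>
</group>
```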