a guest
Dec 14th, 2019
<!-- /var/ossec/etc/ossec.conf -->
<!-- Have OSSEC monitor the Kippo honeypot log. -->
<localfile>
  <log_format>syslog</log_format>
  <location>/home/kippo/kippo/log/kippo.log</location>
</localfile>

<!-- /var/ossec/etc/decoder.xml -->
<!-- Match lines that start with a Kippo timestamp followed by a [bracketed] source tag. -->
<!-- In OSSEC regex syntax, \. matches any character. -->
<decoder name="ossec-kippo">
  <prematch>^20\d\d-\d\d-\d\d \d\d:\d\d:\d\d\.+ [\.+]</prematch>
  <regex>(\.+)</regex>
  <order>extra_data</order>
</decoder>

<!-- /var/ossec/rules/local_rules.xml -->
<!-- Raise a level 15 alert for every event decoded as ossec-kippo. -->
<rule id="100031" level="15">
  <decoded_as>ossec-kippo</decoded_as>
  <description>Kippo</description>
</rule>