/var/ossec/etc/ossec.conf

<!-- Have OSSEC monitor the Kippo honeypot log file -->
<localfile>
  <log_format>syslog</log_format>
  <location>/home/kippo/kippo/log/kippo.log</location>
</localfile>

/var/ossec/etc/decoder.xml

<!-- Match lines that start with a 20xx timestamp followed by a bracketed field,
     and store the captured text in extra_data -->
<decoder name="ossec-kippo">
  <prematch>^20\d\d-\d\d-\d\d \d\d:\d\d:\d\d\.+ [\.+]</prematch>
  <regex>(\.+)</regex>
  <order>extra_data</order>
</decoder>

/var/ossec/rules/local_rules.xml

<!-- Raise a level 15 alert for every line decoded as ossec-kippo -->
<rule id="100031" level="15">
  <decoded_as>ossec-kippo</decoded_as>
  <description>Kippo</description>
</rule>