Search found 3 matches
- Fri Sep 25, 2020 3:15 pm
- Forum: OSSEC
- Topic: Failing to decode IPv6 addresses
- Replies: 5
- Views: 9977
Re: Failing to decode IPv6 addresses
I think I understand where you might be having trouble. Think of decoders as translators, so even though a log might be going thru a decoder, if it doesnt understand the log message it wont translate it correctly. You need the right decoder for that specific log format, even if its coming from the ...
- Wed Sep 16, 2020 7:32 am
- Forum: OSSEC
- Topic: Failing to decode IPv6 addresses
- Replies: 5
- Views: 9977
Re: Failing to decode IPv6 addresses
Mike, your answer didn't make much sense to me, so I made a few more tests. To make sure I had a match in the decoder, I used a well known program (for which there should be an included decoder), Apache. This was the result for IPv6 (I'm not masking the IP addresses this time): 2020/09/16 08:07:06 o...
- Fri Sep 11, 2020 8:31 am
- Forum: OSSEC
- Topic: Failing to decode IPv6 addresses
- Replies: 5
- Views: 9977
Failing to decode IPv6 addresses
Hi, my install of OSSEC if having problems decoding IPv6 addresses. I used /var/ossec/bin/ossec-logtest to test one syslog message, and got the following output: root@syslog-server:~# /var/ossec/bin/ossec-logtest 2020/09/11 09:15:46 ossec-testrule: INFO: Reading local decoder file. 2020/09/11 09:15:...