{"id":180,"date":"2008-04-30T22:12:00","date_gmt":"2008-04-30T22:12:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=180"},"modified":"2020-07-02T22:12:50","modified_gmt":"2020-07-02T22:12:50","slug":"v1-5-preview-new-log-rules-decoders","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2008\/04\/v1-5-preview-new-log-rules-decoders\/","title":{"rendered":"v1.5 preview \u2013 New log rules\/decoders"},"content":{"rendered":"\n<p>Version 1.5 comes with a lot of additions to our log analysis (or LIDS \u2013 Log-based IDS) capabilities. Some of the new log formats we now support are:<\/p>\n\n\n\n<ul><li>Solaris BSM auditing logs<\/li><li>Asterisk logs<\/li><li>Checkpoint and Smart Defense logs<\/li><li>Debian package (dpkg) install\/status\/remove messages<\/li><li>Shorewall logs<\/li><li>Postfix SASL error messages<\/li><li>Localized pure-ftpd messages (for 12 different languages)<\/li><\/ul>\n\n\n\n<p>In addition to that, we can now read DJB multilog files, whose lines carry a TAI64N timestamp label, and run them through our decoders. To enable it, add a localfile entry like this to the configuration (this example reads sshd logs):<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>&lt;localfile&gt;<br>&lt;log_format&gt;djb-multilog&lt;\/log_format&gt;<br>&lt;location&gt;\/var\/log\/sshd\/current&lt;\/location&gt;<br>&lt;\/localfile&gt;<\/p><\/blockquote>\n\n\n\n<p>Hope you enjoy OSSEC v1.5 when it is out \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Version 1.5 comes with a lot of additions to our log analysis (or LIDS \u2013 Log-based IDS) capabilities. 
Some of the new log formats we now support are: Solaris BSM auditing logs Asterisk logs Checkpoint and Smart Defense logs Debian package (dpkg) install\/status\/remove messages Shorewall logs Postfix SASL error messages Localized pure-ftpd messages (for 12 different [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/180"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=180"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/180\/revisions"}],"predecessor-version":[{"id":181,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/180\/revisions\/181"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
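Added example, not OSSEC's own code: what a djb-multilog reader has to do before a line can be handed to ordinary syslog-style decoders. `multilog -t` prefixes each line with a TAI64N label (`@`, 16 hex digits of TAI seconds offset by 2^62, 8 hex digits of nanoseconds); daemontools derives that label from Unix time with a fixed 10-second TAI offset, so the parser below simply inverts it. The sshd lines, the process IDs, the addresses and the hostname are constructed sample data.

```python
"""Reading DJB multilog 'current' files.

Added example, not OSSEC code. multilog -t prefixes each line with a TAI64N
label; a reader has to strip and convert it before handing the rest of the
line to syslog-style decoders, which expect the message to start at column 0.
"""
import re
from datetime import datetime, timezone

# '@' + 16 hex digits (TAI seconds, offset by 2^62) + 8 hex digits (nanoseconds) + space
TAI64N_RE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8}) (.*)$")

# daemontools builds labels as 2^62 + 10 + unix_time (a fixed 10 s TAI-UTC
# offset, no leap-second table), so that is exactly what we subtract.
TAI64_EPOCH_OFFSET = (1 << 62) + 10

# Constructed sample: an sshd service logged by multilog -t, plus one line
# written by a multilog instance run without -t (no label at all).
SAMPLE_CURRENT = """\
@400000004818eeba1dcd6500 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
@400000004818eebb0bebc200 sshd[2211]: Connection closed by 192.0.2.10
sshd[2215]: Accepted publickey for alice from 192.0.2.20 port 40130 ssh2
"""


def tai64n_to_datetime(secs_hex: str, nanos_hex: str) -> datetime:
    """Convert the two hex fields of a TAI64N label to an aware UTC datetime."""
    unix_secs = int(secs_hex, 16) - TAI64_EPOCH_OFFSET
    nanos = int(nanos_hex, 16)
    return datetime.fromtimestamp(unix_secs, tz=timezone.utc).replace(microsecond=nanos // 1000)


def format_tai64n(ts: datetime) -> str:
    """Inverse of tai64n_to_datetime: build the label multilog -t would write."""
    secs = int(ts.timestamp()) + TAI64_EPOCH_OFFSET
    return f"@{secs:016x}{ts.microsecond * 1000:08x}"


def parse_multilog_line(line: str):
    """Split one multilog line into (timestamp, message).

    Lines without a TAI64N label (multilog run without -t, or a partial
    line) are passed through with timestamp None rather than dropped, so no
    event is lost just because it carries no label.
    """
    line = line.rstrip("\n")
    m = TAI64N_RE.match(line)
    if not m:
        return None, line
    return tai64n_to_datetime(m.group(1), m.group(2)), m.group(3)


def parse_multilog(text: str):
    """Parse a whole 'current' file into a list of (timestamp, message)."""
    return [parse_multilog_line(l) for l in text.splitlines() if l]


def to_syslog_line(ts, message: str, hostname: str = "host1") -> str:
    """Render a parsed entry the way a syslog-format decoder expects it.

    When the label is missing we have no timestamp of our own, so the line is
    emitted without one rather than with a guessed time.
    """
    if ts is None:
        return f"{hostname} {message}"
    return f"{ts.strftime('%b %d %H:%M:%S')} {hostname} {message}"


if __name__ == "__main__":
    for ts, msg in parse_multilog(SAMPLE_CURRENT):
        print(to_syslog_line(ts, msg))
```

The point of the round trip through `format_tai64n` is to make the offset arithmetic checkable: if the label you read back from a real `current` file does not reproduce after conversion, the reader is off by the TAI offset and every timestamp it emits will be wrong by the same amount.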