Hi folks, has anyone already succeeded in writing a parser for Linux auditd log files? References:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sec-Understanding_Audit_Log_Files.html
Catching L...

Hi, I have the following architecture (10.4.0.2 from 10.3.4):
- One Security Analytics appliance
- One hybrid appliance (log collector / decoder / concentrator)
- One Remote Log Collector (VM) on a customer site
Its IP is NAT'ed from the Security Analytics App...

Hi, I have some logs from a Red Hat server which are interpreted as
Big-IP logs. How can I configure my Log Decoder to use only one specific
parser for a specific device IP? (I must keep the Big-IP parser...)
Thanks!

You have to use IN() because the meta key action is defined as an array of
String (action=[Ljava.lang.String). Types of meta are defined in ESA /
Explore / CEP / Engine / Configuration / StreamTypeMappings. So you
also have to use IN() for these meta keys:
user...