
List:       ossec-list
Subject:    [ossec-list] Define Interval Filter Events in Ossec Windows Client (ossec client version 2.9.4)
From:       Nadia Medjellel <mynaxyss () gmail ! com>
Date:       2018-07-20 13:08:27
Message-ID: 39f118c4-e254-4799-aef0-5618bb92907c () googlegroups ! com

Hello,

I use OSSEC version 2.9.4.

I want to define an interval filter in the OSSEC Windows client.


For example, like this, for events between 4700 (inclusive) and 4705 (inclusive):

  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
    <query>Event/System[EventID \>=4700 and EventID \<=4705]</query>
  </localfile>

I would like to define an interval, but I get an error when I use this query:
  <query>Event/System[EventID>=4700 and EventID<=4705]</query>

ERROR: Error reading XML file 'ossec.conf': XMLERR: Element '=4705]</query' not closed. (line 31).

Thanks for your help.
