No specific rules for these events.
**Phase 3: Completed filtering (rules).
id: '31100'
level: '0'
description: 'Access log messages grouped.'
groups: '['web', 'accesslog']'
firedtimes: '1'
mail: 'False'
Thank you
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/n80h8pDmoxU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/fad26c69-3262-4ecb-baeb-f9e6c11fdcc0n%40googlegroups.com.
Thanks, but I have it all for a few months on this installation and it works file. I receive logs and I work with them regularly in the Discover / wazuch-archives-* pattern.
The issue appeared after enabling mentioned decoder. Since then events like the one mentioned in the first post are not displayed in Discover.
If I disable decoder again, it is not parsed
(decoded), but is on the Discover screen:
Many thanks, I am happy to confirm it works.
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/n80h8pDmoxU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/f578d823-b9ce-45cd-ba57-11e7b99fb86fn%40googlegroups.com.