to ossec...@googlegroups.com
Hello:
I am attempting to write a local decoder for Asterisk and cannot get the syntax correct. The log line appears as:
[Dec 10 19:47:47] NOTICE[23927][C-00000013] chan_sip.c: Call from '' (NNN.NNN.NNN.NNN:9202) to extension 'NNNNNNNNNNNNN' rejected because extension not found in context 'XXXXXXXXXXX'.
and I have tried the following decoder:
<decoder name="local-asterisk-registration">
<prematch>NOTICE[\d+] \S+: Call from \S+ \((\d+.\d+.\d+.\d+):\d+\) </prematch>
<regex offset="after_prematch">to extension \S+ rejected because extension not found in context</regex>
<order>srcip</order>
</decoder>
This never matches, and I am wondering whether it is due to the '(' around the source IP?
Any help appreciated.
Scott Nelson
Dec 11, 2012, 10:21:54 AM
You missed something: after 'NOTICE[23927]' there is '[C-0000013] chan_sip.c:' which is not in your prematch.
In my "Guide to gooder grammer", I had a rule: "Proofread your writing to see if you any words out".
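The mismatch pointed out above can be reproduced offline. This is an added example, not code from the thread or from the OSSEC project: it uses Python's `re` to approximate the os_regex subset in the posted decoder, and the helper names, the `FIXED` patterns and the values in the sample line are hypothetical. It assumes that `[`, `]` and `.` are literals in os_regex and that only groups in `<regex>` feed `<order>`.

```python
import re

# Approximate translation of the OSSEC os_regex subset used in this thread
# into Python's re (assumption: [ ] and . are literals in os_regex, "\." is
# "any character", and "\(" "\)" are literal parentheses).
def os_regex_to_re(pattern):
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            out.append({"d": "[0-9]", "S": r"\S", "s": " ", ".": "."}.get(nxt, re.escape(nxt)))
            i += 2
        elif ch in "()+*^$|":
            out.append(ch)              # same meaning in both syntaxes
            i += 1
        else:
            out.append(re.escape(ch))   # includes '[', ']' and '.'
            i += 1
    return re.compile("".join(out))

def decode(line, prematch, regex, order):
    """Return extracted fields, or None when the decoder does not match."""
    pm = os_regex_to_re(prematch).search(line)
    if pm is None:
        return None
    rx = os_regex_to_re(regex).search(line[pm.end():])   # offset="after_prematch"
    if rx is None:
        return None
    return dict(zip(order, rx.groups()))   # only <regex> groups feed <order>

# Constructed sample line: the IP, extension and context are placeholders.
LINE = ("[Dec 10 19:47:47] NOTICE[23927][C-00000013] chan_sip.c: Call from '' "
        "(192.0.2.10:9202) to extension '0012345678901' rejected because "
        "extension not found in context 'from-trunk'.")

# Decoder as posted: the prematch skips the "[C-00000013]" token.
POSTED = (r"NOTICE[\d+] \S+: Call from \S+ \((\d+.\d+.\d+.\d+):\d+\) ",
          r"to extension \S+ rejected because extension not found in context")
# Hypothetical rewrite: prematch covers both bracketed tokens, and the
# capture group moves into <regex> so <order>srcip</order> has a group to bind.
FIXED = (r"NOTICE[\d+][\S+] \S+: Call from ",
         r"^\S+ \((\d+.\d+.\d+.\d+):\d+\) to extension \S+ rejected")

if __name__ == "__main__":
    print("posted:", decode(LINE, *POSTED, ["srcip"]))
    print("fixed: ", decode(LINE, *FIXED, ["srcip"]))
```

Any rewritten decoder should still be confirmed against the real line with `ossec-logtest`, since Python's backtracking matcher is only an approximation of os_regex.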
dan (ddp)
Dec 11, 2012, 4:52:01 PM