Issue in creating Decoder

neeraj uikey

Jul 14, 2023, 4:29:58 AM
to Wazuh mailing list
Hi Wazuh team,
Can you guide me on the following logs?
How can I create a decoder?
If you can, please show it for these logs.

2017-03-01T23:11:54+0000 sdwanAccCktInfoLog, applianceName=Branch2, tenantName=Customer1,
localAccCktId=2, localAccCktName=MPLS, accCktBW=0, localAccCktIp=25.2.2.2,
localSiteId=102, localSiteName=Branch2, applianceId=0, tenantId=2,
uplinkBw=1000000, downlinkBw=1000000

2023-03-23T16:00:25+0000 adcL4Log, applianceName=Concerto-Controller-1, tenantName=Versa, observationTimeMilliseconds=1571330240498, flowCookie=1679587285, flowId=33577987, flowStartMilliseconds=863301470, flowEndMilliseconds=920040156, sentOctets=522121, sentPackets=11330, recvdOctets=589460, recvdPackets=11335, sourceIPv4Address=10.1.64.104, destinationIPv4Address=10.1.64.1, postNATSourceIPv4Address=192.168.102.2, serverIPv4Address=192.168.101.4, sourcePort=2564, destinationPort=53764, postNAPTsourceTransportPort=43629, serverPort=1234, tenantId=1, vsnId=0, applianceId=0, protocolIdentifier=6, ingressInterfaceName=ptvi-0/422, egressInterfaceName=vni-0/3.0, eventType=end

2022-07-18T21:03:16+0000 alarmLog, applianceName=SDWAN-Controller2, tenantName=Tenant1,
alarmType=sdwan-datapath-down, alarmKey=SDWAN-Controller2|WAN2|SDWAN-Branch1|WAN1|fc_nc,
generateTime=1658178227, applianceId=1, vsnId=0, tenantId=2,
alarmCause=connectionEstablishmentError, alarmClearable=yes, alarmClass=cleared,
alarmKind=symptom, alarmEventType=communicationsAlarm, alarmSeverity=cleared,
alarmOwner=tenant, alarmSeqNo=1198,
alarmText="Datapath from SDWAN-Controller2/WAN2 to SDWAN-Branch1/WAN1 for fwdClass fc_nc is up ",
alarmKeyExt=SDWAN-Controller2, serialNum=N/A

I tried but am unable to create a decoder for the above logs. Please help me.

Thanks and Regards
Neeraj

Juan Cabrera

Jul 19, 2023, 11:40:21 AM
to Wazuh mailing list
Hello Neeraj,

To create custom decoders and rules, you can refer to the comprehensive documentation we have prepared specifically for this purpose. It provides step-by-step instructions and guidance to help you through the process. Here's the link to the relevant section in our documentation:

Custom Decoders and Rules - Wazuh Documentation

If you encounter any difficulties while creating your own decoders and are unable to resolve them, please feel free to share your solution with us. By doing so, we can assist you in identifying and debugging any potential errors you may be experiencing.


Best regards,
Juan Cabrera
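
A starting point for the three sample logs in the question, as an added example that is not part of either post and is not taken from Wazuh's shipped ruleset. It assumes each event reaches the manager as a single line, that the installed Wazuh version accepts `type="pcre2"` in decoders, and uses a hypothetical decoder name (`versa-kv`) and hypothetical custom field names.

```xml
<!-- /var/ossec/etc/decoders/local_decoder.xml (added example) -->
<!-- Assumptions: decoder name "versa-kv" and the custom field names are
     hypothetical; one event per line; type="pcre2" is available. -->
<!-- Parent: matches the key pair common to all three sample logs. Not
     anchored on the timestamp, in case pre-decoding consumes it. -->
<decoder name="versa-kv">
  <prematch type="pcre2">applianceName=[^,]+, tenantName=[^,]+</prematch>
</decoder>
<!-- Siblings: same name and parent, so each regex is tried independently
     and a key absent from one log type does not block the others. -->
<decoder name="versa-kv">
  <parent>versa-kv</parent>
  <regex type="pcre2">(\w+Log), applianceName=</regex>
  <order>log_type</order>
</decoder>
<decoder name="versa-kv">
  <parent>versa-kv</parent>
  <regex type="pcre2">applianceName=([^,]+), tenantName=([^,]+)</regex>
  <order>appliance_name, tenant_name</order>
</decoder>
<!-- adcL4Log: map addresses and ports onto Wazuh's static fields. -->
<decoder name="versa-kv">
  <parent>versa-kv</parent>
  <regex type="pcre2">sourceIPv4Address=([^,]+), destinationIPv4Address=([^,]+)</regex>
  <order>srcip, dstip</order>
</decoder>
<decoder name="versa-kv">
  <parent>versa-kv</parent>
  <regex type="pcre2">sourcePort=(\d+), destinationPort=(\d+)</regex>
  <order>srcport, dstport</order>
</decoder>
<!-- alarmLog: alarmText is quoted and contains spaces, so capture up to
     the closing quote rather than the next comma. -->
<decoder name="versa-kv">
  <parent>versa-kv</parent>
  <regex type="pcre2">alarmType=([^,]+)</regex>
  <order>alarm_type</order>
</decoder>
<decoder name="versa-kv">
  <parent>versa-kv</parent>
  <regex type="pcre2">alarmSeverity=([^,]+)</regex>
  <order>alarm_severity</order>
</decoder>
<decoder name="versa-kv">
  <parent>versa-kv</parent>
  <regex type="pcre2">alarmText="([^"]*)"</regex>
  <order>alarm_text</order>
</decoder>
```

Pasting one sample event as a single line into `/var/ossec/bin/wazuh-logtest` shows the pre-decoding output and which of these fields are extracted, before the manager is restarted.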