Fortigate Decoders


Tom Powers

May 26, 2022, 11:04:22 AM5/26/22
to Wazuh mailing list
Hello,

So I have loaded the updated 0100-Barracuda_decoders.xml so we could get the version 6 logs to work... however... the decoded events are still showing up as decoder version 5. What am I missing here, as this used to work on 4.25 just fine?

We are on a fresh build of 4.3.1 right now

Thanks

Santiago Poletti

May 26, 2022, 2:08:48 PM5/26/22
to Wazuh mailing list
Hello Thomas,

I hope you are doing fine!

I'm glad to help you. It is not necessary to update the 0100-Barracuda_decoders.xml decoder for version 6 logs, as it is included by default in Wazuh version 4.3.1, as you can see here:

https://github.com/wazuh/wazuh/blob/master/ruleset/decoders/0100-fortigate_decoders.xml

You can also check if you have this same file revision in your Wazuh manager by accessing it at the following path:

/var/ossec/ruleset/decoders/0100-fortigate_decoders.xml

If you wish, you can share a log line with me and I will check its decoding in my Wazuh manager.

Let me know if this information is useful to you!

Regards.
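An added example for the check suggested above (it is not code from the thread or from Wazuh): it lists each decoder's name, parent and prematch from a Wazuh decoder file so you can confirm which decoders the manager actually has loaded and in what order they will be tried. It runs here on a constructed sample whose decoder names and patterns are hypothetical; point it at /var/ossec/ruleset/decoders/0100-fortigate_decoders.xml on the manager.

```shell
#!/bin/sh
# Added example, not from the thread or from Wazuh. Prints one line per
# <decoder>: name, parent ("-" if none), prematch ("-" if none).

list_decoders() {
  # Wazuh ruleset files keep one element per line, so a line-oriented awk
  # pass is enough for this inspection; it is not a general XML parser.
  awk '
    /<decoder name="/ {
      name = $0; sub(/.*name="/, "", name); sub(/".*/, "", name)
      parent = "-"; prematch = "-"
    }
    /<parent>/    { p = $0; sub(/.*<parent>/, "", p); sub(/<\/parent>.*/, "", p); parent = p }
    /<prematch/   { m = $0; sub(/.*<prematch[^>]*>/, "", m); sub(/<\/prematch>.*/, "", m); prematch = m }
    /<\/decoder>/ { printf "%s\t%s\t%s\n", name, parent, prematch }
  ' "$1"
}

# Count decoders whose name contains a given tag, e.g. "v6".
count_decoders_matching() {
  list_decoders "$1" | cut -f1 | grep -c -- "$2"
}

# Constructed sample in the Wazuh decoder layout. The names and patterns are
# hypothetical and are NOT the ones in 0100-fortigate_decoders.xml.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
<decoder name="example-fw-v5">
  <prematch>date=\d+-\d+-\d+ time=\d+:\d+:\d+ devname=</prematch>
</decoder>
<decoder name="example-fw-v6">
  <prematch>date=\d+-\d+-\d+ time=\d+:\d+:\d+ devname="</prematch>
</decoder>
<decoder name="example-fw-v6-fields">
  <parent>example-fw-v6</parent>
  <regex offset="after_parent">devname="(\S+)"</regex>
  <order>devname</order>
</decoder>
EOF

list_decoders "$SAMPLE"
```

The order printed is the order the decoders appear in the file; a child decoder only runs when its parent's prematch has matched the log line.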