OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Hi,
I'm using OSSEC 3.7.0 and making my own rules. I'm trying to make a rule to send a notification to an API, but I don't know how to extract the variables like
Level: 5 - Web server 400 error code.
Rule Id:[31101]Web server 400 error code.
Location:deb12->/var/log/apache2/access.log
Src IP:192.168.122.1
to send in a curl.