...ETWEEN ANGLE BRACKETS \d+)"
Then I have a new field auxTranID with the proper numeric value.
If I go to the add attribute feature in the datamodel definition and I add a rex expression selecting t...
...ame is cpu, the type is regex-based with the regular expression ^.*/cpu-([0-9]+)/ and the source key source. According to the form, the default format (<transform_stanza_name>::$1) s...
Hi,
Trying to correlate failed logon attempts (event 4776) with the IIS OWA logs, I realized that the OWA logs are in UTC by default and I am in CEST time (Madrid).
According to the official d...
Hi guys,
How to extract one portion of the data model when I have the name of the field.
Sample: field: status, with the following values:
teste\teste1\teste2;teste\teste3\teste4;teste\test...
I am dynamically extracting a sourcetype using the props.conf and transforms.conf files. But the extraction is not working as expected. The sourcetype I am extracting is "e...
I'm trying to monitor files on a Windows server and it isn't working. I've placed a few stanzas like this into etc/deployment-apps/Exchange/local/inputs.conf:
[monitor://D:\Microsoft\Exchange S...
I'm trying to get vulnerability data from a Nessus 4 nbe file. Here is my inputs.conf entry:
[monitor:///usr/share/ossim/www/vulnmeter/tmp/*.out]
crcSalt = <SOURCE>
disabled = false
i...
Is there a way to configure regmon-filters.conf such that it captures all Windows registry changes, EXCEPT for one or more processes? For example, capture everything except changes by splunkd.exe.