I've created a similar solution by referring to this but using OSSEC 2.9.4, where the format of the alerts output is changed and the lambda function is unable to process the alerts to Elasticsearch. Error: `Process exited before completing request`.

Older version format:

```json
{"rule":{"level":6,"comment":"SSH insecure connection attempt (scan).","sidid":5706},"location":"/var/log/secure","full_log":"Aug 6 00:03:57 ip-10-0-0-100 sshd[12462]: Did not receive identification string from 127.0.0.1 port 35578"}
```

Newer version format:

```json
{"rule":{"level":6,"comment":"SSH insecure connection attempt (scan).","sidid":5706},"srcip":"196.52.43.80","location":"/var/log/auth.log","full_log":"Aug 6 18:49:02 ip-15-0-213-229 sshd[3270]: Did not receive identification string from 196.52.43.80"}
```

Hoping for a resolution at the earliest possible.
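The two alert lines quoted above differ in the optional `srcip` field and in `location`; an ingestion step that assumes one fixed shape will throw on the other and, in a Lambda handler, an uncaught exception ends the invocation. The following is an added example, not the reporter's Lambda code and not code from the project this issue refers to: a small normalizer that accepts either format, treats `srcip` as optional (falling back to the first IPv4 address in `full_log` when it is absent), and drops malformed lines with a count instead of aborting the batch. The function names `normalize_alert` and `normalize_batch` and the flat output field names are assumptions chosen here; the two sample alerts are the ones from the issue.

```python
import json
import re
from typing import Any, Dict, Iterable, List, Optional, Tuple

# Sample alerts taken from the issue text: the older OSSEC format (no srcip)
# and the newer one (srcip present). Hosts/addresses are as quoted there.
OLD_ALERT = '{"rule":{"level":6,"comment":"SSH insecure connection attempt (scan).","sidid":5706},"location":"/var/log/secure","full_log":"Aug 6 00:03:57 ip-10-0-0-100 sshd[12462]: Did not receive identification string from 127.0.0.1 port 35578"}'
NEW_ALERT = '{"rule":{"level":6,"comment":"SSH insecure connection attempt (scan).","sidid":5706},"srcip":"196.52.43.80","location":"/var/log/auth.log","full_log":"Aug 6 18:49:02 ip-15-0-213-229 sshd[3270]: Did not receive identification string from 196.52.43.80"}'

# Dotted-quad IPv4 only; hostnames like "ip-10-0-0-100" use hyphens and do not match.
_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def normalize_alert(raw: str) -> Optional[Dict[str, Any]]:
    """Parse one OSSEC alert line (either format) into a flat document.

    Returns None instead of raising on malformed input, so one bad line
    cannot take down a whole Lambda invocation. Field names are assumed.
    """
    try:
        alert = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if not isinstance(alert, dict):
        return None

    rule = alert.get("rule") or {}
    full_log = alert.get("full_log", "")

    # Newer format carries srcip; older format does not, so fall back to
    # the first IPv4 address found in the log line (None if there is none).
    srcip = alert.get("srcip")
    if not srcip:
        match = _IPV4.search(full_log)
        srcip = match.group(1) if match else None

    return {
        "rule_id": rule.get("sidid"),
        "level": rule.get("level"),
        "description": rule.get("comment"),
        "location": alert.get("location"),
        "srcip": srcip,
        "full_log": full_log,
    }


def normalize_batch(lines: Iterable[str]) -> Tuple[List[Dict[str, Any]], int]:
    """Normalize many lines; return (documents, number_of_dropped_lines).

    Keeping the dropped count visible lets the caller emit a metric or log
    entry for parse failures instead of silently losing alerts.
    """
    docs: List[Dict[str, Any]] = []
    dropped = 0
    for line in lines:
        doc = normalize_alert(line)
        if doc is None:
            dropped += 1
        else:
            docs.append(doc)
    return docs, dropped


if __name__ == "__main__":
    documents, bad = normalize_batch([OLD_ALERT, NEW_ALERT, "{not valid json"])
    for d in documents:
        print(json.dumps(d))
    print(f"dropped {bad} malformed line(s)")
```

Because the normalizer never raises on input shape, a format change like the one in this issue degrades to missing fields in the indexed document (and a non-zero dropped count you can alert on) rather than a failed invocation.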