UnixParser assigns Event Type Generic_Unix_sshd_Generic for ssh login
/ logout events in analytics, but if I run a parser test on the log the event
is correctly assigned. This makes it impossible to generate reports on login /
logout events. Thank you
I found the problem. I set rsyslog to send logs in RFC 5424 and
FortiSIEM seems to have trouble interpreting this format. I left the
default format and logs are parsed correctly.
Hello, I use a simple template, like the one below:
Email subject: $hostName $ruleName
Email body:
Incident ID: $incidentId
Severity: $incident_severity
Rule: $ruleName
Raw log ************ $rawEvents