possible fix to vista_sec.csv #526

Merged
merged 2 commits into from
Feb 3, 2015

ChristianBeer
Contributor

Try to fix #525. I couldn't find the correct descriptions of those event IDs. Maybe it's better to just delete them? I don't know how this is used inside OSSEC.

@awiddersheim
Member

Delete the ones you put on their own lines?

@awiddersheim
Member

This reads in the file creating a hash:

https://github.com/ossec/ossec-hids/blob/master/src/logcollector/read_win_el.c#L520

Then this searches the hash using the event ID and formats the message:

https://github.com/ossec/ossec-hids/blob/master/src/logcollector/read_win_el.c#L164

EDIT: oops had wrong line number in second part.

@awiddersheim
Member

Anyway... this seems reasonable to me. I guess I'm still confused on your doubts about it.

@ChristianBeer
Contributor Author

This will work for OSSEC but is still not real CSV, and GitHub will still complain about it.

@awiddersheim
Member

Ah, because of the extra comma separators? Maybe we should rename the file so GitHub won't think it's CSV anymore and properly handle indexing it and whatnot.

@awiddersheim
Member

Or maybe use a different separator?

@ChristianBeer
Contributor Author

I don't think it's useful to change the separator or the logic so it could read proper CSV so one file can be indexed by GitHub.

As it stands now there was a bug in this file (improper description lines) that is now gone.

@awiddersheim
Member

Yeah, but the work to change isn't outrageous, which is why I proposed it. Also, I use git's search a lot and ran up against an issue where I was trying to find stuff in this file and wasn't able to because git wasn't indexing I guess.
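Added example, not part of this pull request or OSSEC's own code: a lint check for the two problems discussed in this thread (description lines that lost their event ID, and extra commas that break strict CSV). It assumes each line is `<numeric event ID>,<description>` and that the loader splits on the first comma only; both are assumptions, and the sample lines are constructed.

```python
"""Lint an event-ID description table (assumed format: '<id>,<description>')."""
import csv
import io

# Constructed sample, not taken from vista_sec.csv.
SAMPLE = """\
1001,Example event one
1002,Example event, with a comma in the text
continuation text that lost its event id
1003,Example event three

1001,Duplicate of the first id
"""


def load_table(text):
    """Return (table, problems); each line is split on the FIRST comma only."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are ignored
        event_id, sep, desc = line.partition(",")
        if not sep or not event_id.isdigit() or not desc.strip():
            # A description fragment on its own line ends up here.
            problems.append((lineno, "no '<id>,<description>' prefix"))
            continue
        if event_id in table:
            problems.append((lineno, "duplicate id " + event_id))
            continue
        table[event_id] = desc.strip()
    return table, problems


def strict_csv_mismatches(text, columns=2):
    """Line numbers that a strict two-column CSV reader would reject."""
    rows = csv.reader(io.StringIO(text))
    return [n for n, row in enumerate(rows, start=1) if row and len(row) != columns]


if __name__ == "__main__":
    table, problems = load_table(SAMPLE)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    print("strict CSV would reject lines:", strict_csv_mismatches(SAMPLE))
    print("lookup 1002:", table.get("1002"))
```

Line 2 of the sample loads correctly under the first-comma rule yet fails the strict CSV check, which is the gap between "works for OSSEC" and "real CSV" described above.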

@awiddersheim awiddersheim self-assigned this Feb 3, 2015
awiddersheim added a commit that referenced this pull request Feb 3, 2015
Fix line breaks in vista_sec.csv
@awiddersheim awiddersheim merged commit 63f5a7f into ossec:master Feb 3, 2015
awiddersheim added a commit to awiddersheim/ossec-hids that referenced this pull request Feb 3, 2015
As explained by Christian Beer in ossec#526 this file isn't really a
properly formatted CSV file and probably will never be. It uses its own
format so it is probably best to use the '.txt' extension. This way,
GitHub will stop complaining about its format as pointed out in ossec#525.
Successfully merging this pull request may close these issues.

Fix vista_sec.csv