fix(collection/sshd): change acquisition yaml #1109
base: master
This is not correct, as if you have the syslog parser installed it should be able to parse the program name from the log line.
Thanks for the very fast response. Then I would suggest updating this line with instructions on how to use the sshd parser, as the current wording is a bit confusing: https://github.com/crowdsecurity/hub/pull/1109/files#diff-05d748cef28bea4cbaf1e0e46322c1ce1417c1225f69f46393aeaa8ae80c4c1fL21.
IMO, since the example shown is a syslog file, the change should be reverted and then the line below should be updated to be something like
Change the notes to instructions for the sshd parser
Changed it.
After having a look at other collections, I kind of disagree with you. So for consistency I would prefer changing the example to the sshd parser instead of changing the notes. What do you think? The collections I checked:
Well, that's because those applications handle their own logging to a different file by default and can opt in to using
Ah, I see. Thanks for clearing this up for me :)
Change the notes to instructions for the sshd parser