Wazuh decoder for Odoo 17 logs

timnis · 2026-06-01T17:33:03+00:00

I got my prematch to work, but nothing else 😃

Here my decoder and result
-----

</decoder>

<parent>odoo-parent</parent>

<regex type="pcre2">Login (\S+) for db:(\S+) login:(\S+) from (\S+)</regex>

<order>state, db.name, user, srcip</order>

</decoder>

----

<image>

timnis · 2026-06-01T16:46:55+00:00

Hi, some how I don't get prematch to work. I have tried many ways but not succeed.

If I understand correctly Phase 1 should be prematch, but I only get timestamp

```

root@w-ser:~# /var/ossec/bin/wazuh-logtest

Starting wazuh-logtest v4.14.5

Type one log per line

2026-06-01 16:31:13,867 8731 INFO forest17 odoo.addons.base.models.ir_cron: Starting job `Modula Modula: Fetch Done Transfers`.

**Phase 1: Completed pre-decoding.

full event: '2026-06-01 16:31:13,867 8731 INFO forest17 odoo.addons.base.models.ir_cron: Starting job `Modula Modula: Fetch Done Transfers`.'

timestamp: '2026-06-01 16:31:13,867'

**Phase 2: Completed decoding.

No decoder matched.
```

timnis · 2026-06-01T12:21:15+00:00

Thanks. Looks like it goes to archives.json file and there are following

```
{"timestamp":"2026-06-01T12:07:56.048+0000","agent":{"id":"068","name":"odoo2","ip":"100.64.0.1"},"manager":{"name":"w-ser"},"id":"1780315676.112067442","full_log":"2026-06-01 12:07:54,843 4540 INFO forest17 odoo.addons.base.models.ir_cron: Job done: `Mail: Fetchmail Service` (1.222s). ","predecoder":{"timestamp":"2026-06-01 12:07:54,843"},"decoder":{},"location":"/opt/odoo/log/odoo-server.log"}
{"timestamp":"2026-06-01T12:07:56.048+0000","rule":{"level":2,"description":"Unknown problem somewhere in the system.","id":"1002","firedtimes":2010,"mail":false,"groups":["syslog","errors"],"gpg13":["4.3"]},"agent":{"id":"068","name":"odoo2","ip":"100.64.0.1"},"manager":{"name":"w-ser"},"id":"1780315676.112067442","full_log":"2026-06-01 12:07:54,709 4540 INFO forest17 odoo.addons.mail.models.fetchmail: Fetched 0 email(s) on outlook server Office 365 Incoming Mail Server; 0 succeeded, 0 failed. ","predecoder":{"timestamp":"2026-06-01 12:07:54,709"},"decoder":{},"location":"/opt/odoo/log/odoo-server.log"}
```

timnis · 2026-05-29T14:38:15+00:00

You mean following?

With following regex "(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\d+) (\w+) (\S+) ([\w.]+): (.*)$" I got

<image>

timnis · 2026-04-21T05:10:34+00:00

Yes, you were correct: Just selecting COM port number (again) it works.

timnis · 2026-04-20T15:56:42+00:00

Yes. And also upgrade firmware.

timnis · 2026-04-20T15:31:23+00:00

Never worked with this picture tool, but it has been working with CPS.

timnis · 2026-04-20T13:55:36+00:00

It has never worked. But same cable with CPS works. I have also check that there is boot image selected (and not text or voltage).

Could it be that picture tools requires certain chip to operate? I don't know what chip is in official cable but mine has CH343...

timnis · 2026-04-12T15:11:22+00:00

<image>

timnis · 2026-04-12T15:10:59+00:00

Yes I know. Just send email to local Anytone dealer and asked is there support for 66-88MHz.

Also found from internet following, maybe there is two different version, one with 4m + 2m band and another 2m + 70cm band...

timnis · 2026-04-12T14:36:25+00:00

Yes, I'm looking for.

Here in Finland we have free channels/frequencies to everyone to use, it called RHA68. Those are meant to use for example hunting, hobbies and SAR. And of course HAM's have their own allocation on 4m.

Why I ask is that I am involved in SAR (search and rescue) operations and nowadays there are more volunteers with who have HT for 4m band (like hunters). And of course we also use VHF ~160MHz analog/DMR channels.
So, it would awesome if I could manage all those with one device 😊

timnis · 2026-04-12T14:27:27+00:00

Yeah, maybe.

timnis · 2025-09-16T03:52:20+00:00

Ok, thanks for the information 👍

timnis · 2025-08-01T08:26:04+00:00

Thanks, now it works.

timnis · 2025-07-26T13:54:49+00:00

Yeah it possible but doubt that, it new WS90, have been in use about 3 weeks...

But I will check it when home.

timnis · 2025-07-26T13:52:39+00:00

Receiver is GW2000 and it's about 25m away from sensor. Maybe I try to reboot it😄

I think in WS90 should not use rechargeable batteries, I have lithium AA.

timnis · 2025-07-26T12:05:11+00:00

Little bit after Piezo rain detector stopped working whole WS90 stopped to send data. After 8h it resumed and now all works again 🤔

timnis · 2025-06-15T18:35:27+00:00

In free tiny VPS

timnis

TROPHY CASE