
[ossec-dev] Re: A few feature requests



Hi Jeff,

Thanks for all the suggestions. The first one makes sense and since it is a
very simple fix I will add it to v1.3 (currently in beta 2 phase). You can try
it out here:

http://www.ossec.net/files/snapshots/ossec-hids-070802.tar.gz

Regarding #2, what do you mean by monitoring via hostnames? Do you mean the
agent name? Or doing a lookup whenever we find an IP in the logs?

For #3, I am working on some of these tools and will release them very
soon... I kind of like your suggestion of export-key and import-key commands
and will try to finish something after we release 1.3.

Btw, a good way to track these feature requests and bugs is by using our
bugzilla:
http://www.ossec.net/bugs/

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On 8/1/07, Jeff Schroeder <jeffschroed@xxxxxxxxx> wrote:
>
> Currently, the agent name is only allowed to be lowercase
> alphanumeric. Why?
>
> 1.) ids1.sys.dev1.coresys.tmcs (internal dns) seems like a perfectly
> valid agent name to me, and worked with 1.2 (even though it
> complained) yet doesn't work in 1.3 beta.
>
> 2.) We would like to monitor by hostnames and not IP address.
> gethostbyaddr() isn't difficult. Can you add that on hosts that
> support it (i.e. anything posix based)?
>
> 3.) Some way to script the key creation / export / import process. If
> ossec works out, my team manages several hundred (more than 900)
> servers. Expect would work, but is a hack. If you want to be taken
> seriously as an "enterprise" ids, batch operations should be thought
> about.
>
> Something like this would be perfect and unix-y:
> ssh ossec-server '/var/ossec/bin/export_key --id 002' > 002.key
> cat 002.key | ssh ossec-client-002 '/var/ossec/bin/import_key -'
>
>




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.