Hi Daniel,
Thanks for the reply.
Yes, I know Ossec use the hostname from the log generated and it same as my
/etc/hostname. But my problem is it store the hostname into the log after
installed. If I change the /etc/hostname, it won't get automatically change.
I'm setting up a base system, then duplicate it to many. To cut down the
customisation, I hope I can just change the /etc/hostname, and the rest will
also get changed.
I open the maild.h, I can see it using %s, but I don't know how to change it
to the equivalent command 'hostname -f', and if possible I also want to
change the mail from ossecm@<hostname -d>, so that when I change my
hostname, I don't need to reconfigure ossec.conf.
Hope you can help me out on this.
Thanks
Louis
Daniel Cid <dcid@xxxxxxxxx> wrote:
Hi Louis,
Ossec by default will use the hostname that was present in the log generated
(which for the local install should be equal to /etc/hostname). What are you
getting right now? You can easily modify it by changing src/os_maild/maild.h
if you want.
hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 3/22/07, Louis Voo wrote:
> Hello,
>
> I'm new to OSSEC. It took me lot of time to find out swatch replacement,
and
> OSSEC is so easy to setup.
>
> I have setup OSSEC as local running on my server. Now anything happen it
> will send mail to me. I wonder whether I can change the mail subject or
not.
> I want to change the subject to use the HOSTNAME dynamically from
> /etc/hostname, is this possible?
>
> Regards
> Louis