
[ossec-dev] Re: src / dst patch



Hi Sebastien,

Patch committed. I kept the alert output the same way it was before,
to avoid upgrading problems... On a next major release, I plan to
re-design the output model and we will add the src/dst user names.

Thanks,

Daniel

On 8/28/07, Sebastien Tricaud <sebastien.tricaud@xxxxxxxxx> wrote:
> Hello people,
>
> just as stated in my last email [1], I updated the patch upon cvs head.
>
> For a quick summary: user and dstuser were ambiguous. user was always
> the destination user, unless we had a source user, such as with su,
> where the source user would be in user and the destination user in dstuser.
>
> Rulesets are updated along with the patch.
>
> Please now consider the following:
> * You don't always need to fill srcuser and/or dstuser
> * If you have both pieces of information, then think "Where does this
> event come from?" to discover the source user and "Who is the target?"
> to discover the destination user
> * If you don't know, then just fill dstuser
>
>
> Thanks, patch attached,
> Sebastien.
>
>
> [1]
> http://groups.google.com/group/ossec-dev/browse_thread/thread/b28ffd95f758fa5d/a71f3206d4eb1b01
>
>
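
The srcuser/dstuser convention described in the quoted message, applied to a few log lines, as an added example that is not part of the thread and is not OSSEC's decoder code. The sample lines, the regular expressions and the function names normalize and privilege_changes are constructed for illustration.

```python
import re

# Constructed sample lines (not taken from the thread or from OSSEC test data).
SAMPLES = [
    "su: pam_unix(su:session): session opened for user root by alice(uid=1000)",
    "su: pam_unix(su:session): session opened for user root by (uid=0)",
    "sudo:    dave : TTY=pts/0 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/ls",
    "sshd[812]: Failed password for invalid user bob from 192.0.2.10 port 4022 ssh2",
    "sshd[812]: Accepted publickey for carol from 192.0.2.11 port 4100 ssh2",
]

# Hypothetical patterns. "dst" answers "Who is the target?" and "src" answers
# "Where does this event come from?". "src" is optional or absent on purpose.
PATTERNS = [
    re.compile(r"^su: .*session opened for user (?P<dst>\S+) by (?P<src>[^\s(]+)?"),
    re.compile(r"^sudo:\s+(?P<src>\S+) : .*\bUSER=(?P<dst>\S+)"),
    re.compile(r"^sshd\[\d+\]: (?:Failed|Accepted) \S+ for "
               r"(?:invalid user )?(?P<dst>\S+) from"),
]

def normalize(line):
    """Return the user fields for one log line, following the convention:
    fill dstuser when a user is known, add srcuser only when the log
    really names the originating user, and fill nothing otherwise."""
    for pattern in PATTERNS:
        match = pattern.search(line)
        if match:
            groups = match.groupdict()
            event = {"dstuser": groups["dst"]}
            if groups.get("src"):
                event["srcuser"] = groups["src"]
            return event
    return {}

def privilege_changes(lines):
    """List (srcuser, dstuser) pairs where both are known and differ,
    which is the case the old single 'user' field made ambiguous."""
    pairs = []
    for line in lines:
        event = normalize(line)
        src, dst = event.get("srcuser"), event.get("dstuser")
        if src and dst and src != dst:
            pairs.append((src, dst))
    return pairs

if __name__ == "__main__":
    for sample in SAMPLES:
        print(normalize(sample), "<-", sample)
    print(privilege_changes(SAMPLES))
```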




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.