[ossec-list] Re: ossec v0.9 BETA available.
I would like to get the FQDN of the nmapped host in the alert report and not just the IP. So I patched my own ossec-logcollector. Here is the diff:
206c206
< p = strchr(q, ' ');
---
> p = strchr(q, ')');
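Review bot: the new search at line 206, "p = strchr(q, ')');", returns NULL for any input line that contains no closing parenthesis, and the later hunks write through p ("*p = '\0';" and "*p='\t';"). The diff carries no context lines, so it is not visible whether p is checked before those writes; please confirm there is a NULL check between line 206 and the first store, or add one that skips the line when no ')' is found.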
211d210
< *p = '\0';
212a212
> *p = '\0';
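Review bot: moving "*p = '\0';" from line 211 to after line 212 changes its order relative to a statement this diff does not show, so a reader cannot tell which byte is now overwritten. Please resend the patch as a unified diff (diff -u) so the surrounding lines are visible, and add a short comment in the code saying which byte is terminated and why the order matters.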
217a218
> *p='\t';
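Review bot: the added "*p='\t';" at line 218 hard-codes the byte that is written back over the terminator set by "*p = '\0';". It would be more robust to save the original character in a local variable before overwriting it and restore that value, rather than assuming it was a tab. Style point: the spacing differs from the other assignments in this patch ("*p = '\0';").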
The new alert in the alert log:
Host: 10.0.0.1 (ossec.somedomain.com) Ports: 22/open/tcp//ssh/// Ignored State: closed (1664), open ports: 22(tcp)
instead of
Host: 10.0.0.1 Ports: 22/open/tcp//ssh/// Ignored State: closed (1664), open ports: 22(tcp)
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.