[ossec-list] Re: ossec v0.9 BETA available.

["Meir Michanie" <meirgotroot@xxxxxxxxx>]

206c206
<         p = strchr(q, ')');
---
>         p = strchr(q, ' ');
211d210
<         p++;
212a212
>         p++;
219a220,227
>         /* Getting the ports */
>         q = strchr(p, '\t');
>         if(!q)
>         {
>             goto file_error;
>         }
>         q++;
>
222,223d229
<         p++;
<       q=p;

On 7/21/06, Meir Michanie <meirgotroot@xxxxxxxxx> wrote:

ignore the patch for the moment. I have to fix a bug

On 7/21/06, Meir Michanie < meirgotroot@xxxxxxxxx> wrote:

I would like to get the FQDN of the nmaped host in the alert report and not just the IP. So I patched my own ossec-logcollector. Here is the diff


The new alert  in the alert log:
Host: 10.0.0.1 ( ossec.somedomain.com)     Ports: 22/open/tcp//ssh/// Ignored State: closed (1664), open ports: 22(tcp)

instead of

Host: 10.0.0.1      Ports: 22/open/tcp//ssh/// Ignored State: closed (1664), open ports: 22(tcp)

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

206c206
<         p = strchr(q, ')');
---
>         p = strchr(q, ' ');
211d210
<         p++;
212a212
>         p++;
219a220,227
>         /* Getting the ports */
>         q = strchr(p, '\t');
>         if(!q)
>         {
>             goto file_error;
>         }
>         q++;
> 
222,223d229
<         p++;
< 	q=p;