Could you change
dbhost=localhost
To the actual IP address to atleast see if that is where its coming from.
Dennis
-----Original Message-----
From:
ossec-list@xxxxxxxxxxxxxxxx <ossec-list@xxxxxxxxxxxxxxxx>
To: ossec-list@xxxxxxxxxxxxxxxx
<ossec-list@xxxxxxxxxxxxxxxx>
Sent: Fri Sep 01 04:23:25 2006
Subject: [ossec-list] OSSEC2MYSQL - Agents being reported as 127.0.0.1
Hello Meir & everyone,
In the past few days i managed to get a working installation of ossec2mysql in a server-client environment and i'm very happy with the outcome of all the testing and debugging done with the precious help of Meir.
Still, one questions remains: my agents all show up in the alerts as 127.0.0.1. For debugging purposes i have the email notification on and all shows up well,
i.e. the ips are being resolved or correctly sent. Meir, i've installed the lastest version of ossec-ui dating from 1-Sep-2006 01h10.
I don't know if this helps, but here it goes:
cat /etc/ossec2base.conf
# PARAMS USED BY OSSEC2BASED
dbhost=localhost
database=ossecbase
debug=5
dbport=3306
dbpasswd=<pwd>
dbuser=<user>
fieldseparator=;
daemonize=0
sensor=ossec
interface=daemon
resolve=1
cat /etc/ossec-init.conf
DIRECTORY="/var/ossec"
VERSION="v0.9-1"
DATE="Wed Aug 30 15:16:17 WEST 2006"
TYPE="server"
Thanks,
./vcorreia
Vitor Correia
Systems Administrator