[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: "Invalid hostname in syslog message:"

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: "Invalid hostname in syslog message:"
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Thu, 3 May 2007 19:56:58 -0300
Cc: "Rafael Busetti" <omegatiger@xxxxxxxxx>
Content-disposition: inline
Content-transfer-encoding: quoted-printable
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Pdcst3KajDgq2Ln1sx5+Vf8A7ezzlcwPgpCmP1EnKbN3+8Hassz7pgcFflUjLZbPdppRNtALl6Ve9IsjP1ozRHk1dOx0SfewLY94f0qPvDB1fjb3ZHKP8azEWWygKtgAFkptp8nus/Fa3y4yBmWC4eKiiiQJy5M6qqvOalW7eY0=


Hi Rafael,

*Please use English in our list, since most of the users do not speak
portuguese.

The issue here is that ossec is trying to parse "UDP:" as the hostname and
not being able to do so (":" is not valid in the hostname). This is happening
because this log is not in a proper syslog format. Btw, where is this
log coming from?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 5/3/07, Rafael Busetti <omegatiger@xxxxxxxxx> wrote:


Boa tarde,

   Estou tendo problemas no meu Freebsd 6.2 com o ossec, na parte de
logs ele lança vários logs dando esses erros...

12:42:34 ossec-analysisd(1275): Invalid hostname in syslog message:
'May  3 12:42:33 UDP: dgram to port 54177 from 201.10.4.3:53 (62 data
bytes)'.
 12:42:34 ossec-analysisd(1275): Invalid hostname in syslog message:
'May  3 12:42:34 UDP: dgram to port 52168 from 71.178.215.112:8065 (29
data bytes)'.
 12:42:58 ossec-analysisd(1275): Invalid hostname in syslog message:
'May  3 12:42:56 TCP: port 2967 connection attempt from
200.203.18.72:3628'.

eu preciso mudar algo antes de compilar os sources do programa?

Obrigado!

References:
- [ossec-list] "Invalid hostname in syslog message:"
  - From: Rafael Busetti

Prev by Date: [ossec-list] "Invalid hostname in syslog message:"
Next by Date: [ossec-list] Re: syscheck logs alters randomly
Previous by thread: [ossec-list] "Invalid hostname in syslog message:"
Next by thread: [ossec-list] ossecbase user field
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.