[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: How to replace hostname with IP in alerts?

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: How to replace hostname with IP in alerts?
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Tue, 29 May 2007 22:27:54 -0300
Cc: "deltamails@xxxxxxxxx" <deltamails@xxxxxxxxx>
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Rxa32YeWhAOzQEYGazDMAE6ACRBLaEAeUdols+Jh5dOdXeRqHGKXs8CQ518a1Y6z1q+YT87ABeWNhw9BbmD0cMTlGM3OmgHiu4PZHSUpZ9yugZlsrTQeTP6F5aYUZB+ZHUdffztSUqBY/sm633rTC84RppJto81gfe1653MF8f8=

Hi DM,

Ossec uses whatever the log message provided to it. If it come as a
hostname, it will use that, since it does no hostname lookup based on
logs. Btw, most applications have configuration parameters to log the
IP address instead of the hostname...

Example on how to disable hostname lookup on sshd:

http://www.ossec.net/wiki/index.php/Sshd

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 5/26/07, deltamails@xxxxxxxxx <deltamails@xxxxxxxxx> wrote:
>
>
> When I get alerts I want to get the IP address inplace of hostname. How to
> configure the ossec.conf for the same.
>
>
> Regards,
> DM

References:
- [ossec-list] Odd startup issues.
  - From: Vazquez, Ed
- [ossec-list] How to replace hostname with IP in alerts?
  - From: deltamails

Prev by Date: [ossec-list] Re: OSSEC-WUI question
Next by Date: [ossec-list] alert fires at level 10 but doesn't do active response
Previous by thread: [ossec-list] How to replace hostname with IP in alerts?
Next by thread: [ossec-list] Re: Disable rootcheck / OSSEC inside openvz VPS
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.