[ossec-list] Re: Problem with log_format named
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: Problem with log_format named
- From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
- Date: Mon, 17 Sep 2007 22:39:28 -0300
Hi Valerio,
Yes, OSSEC can monitor named logs and you need to use the "syslog" log
format in the config. You need to look at our rules to see what is wrong...
Can you submit the logs that are generating the false positive to us? It would
be much easier to fix them with that in hand.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/17/07, Valerio Daelli <valerio.daelli@xxxxxxxxx> wrote:
>
> Hi
> we use ossec-hids 1.3 on FreeBSD and we would like to monitor
> the logs of BIND.
> If we use a log_format of 'named' the server cannot even start.
> If we use a log_format of syslog for the log file of named we get tons
> of false positives.
> Is it possible on ossec-hids 1.3 to monitor the logs of named?
> Which log_format should we use?
> Thanks a lot
>
> Valerio Daelli
>
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.