[ossec-list] Re: Problem with log_format named
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: Problem with log_format named
- From: "Valerio Daelli" <valerio.daelli@xxxxxxxxx>
- Date: Tue, 18 Sep 2007 16:45:50 +0200
Hi Daniel
thanks for your quick response.
A colleague of mine and I have decided that the false positives are 'not
so positive' and are probably worth a notice.
So everything is fine for us.
Thanks a lot
Valerio Daelli
On 9/18/07, Daniel Cid <daniel.cid@xxxxxxxxx> wrote:
>
> Hi Valerio,
>
> Yes, OSSEC can monitor named logs and you need to use the "syslog" log
> format in the config. You need to look at our rules to see what is wrong...
>
> Can you submit the logs that are generating the false positive to us? It would
> be much easier to fix them with that in hand.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
>
> On 9/17/07, Valerio Daelli <valerio.daelli@xxxxxxxxx> wrote:
> >
> > Hi
> > we use ossec-hids 1.3 on FreeBSD and we would like to monitor
> > the logs of BIND.
> > If we use a log_format of 'named' the server cannot even start.
> > If we use a log_format of syslog for the log file of named we get tons
> > of false positives.
> > Is it possible on ossec-hids 1.3 to monitor the logs of named?
> > Which log_format should we use?
> > Thanks a lot
> >
> > Valerio Daelli
> >
>
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.