Hi Valerio,

Yes, OSSEC can monitor named logs and you need to use the "syslog" log
format in the config. You need to look at our rules to see what is wrong...

Can you submit the logs that are generating the false positive to us? It would
be much easier to fix them with that in hand.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On 9/17/07, Valerio Daelli <[EMAIL PROTECTED]> wrote:
>
> Hi
> we use ossec-hids 1.3 on FreeBSD and we would like to monitor
> the logs of BIND.
> If we use a log_format of 'named' the server cannot even start.
> If we use a log_format of syslog for the log file of named we get tons
> of false positives.
> Is it possible on ossec-hids 1.3 to monitor the logs of named?
> Which log_format should we use?
> Thanks a lot
>
> Valerio Daelli
>
