Daniel,
This problem went away and stayed away, so it is more than likely related
to an errant custom decoder I was working on at the time, as you
surmised.
BTW, I did modify the default sendmail-reject decoder to include the
more inclusive FreeBSD logging to read:
A little more information may help to clear this up: All of the missed
srcip occurred at the same time: from 11:52:44 to 14:08:20 on Dec 1 and from
22:13:55 on Dec 1 until now (2 days later), so I think it is fairly likely
that I added a custom decoder or rule that has caused this effect. When I
Hi Jim,
I am quite lost with your problem in here, since none of these logs would be
parsed by the default sendmail decoder from ossec. I saw you did a few by
yourself and they are probably the ones parsing it... Btw, it would be nice to
include them by default on ossec (if you want to release