Am I doing something wrong? Most of my ossec alerts have the server's
hostname instead of the sending system's hostname.
If I call my server ossec and other servers host1, host2, etc., send
syslog UDP messages to abc, then I may get these messages:
2012 Dec 05 23:02:08 host1-1.2.3.5 Dec 5
On Dec 5, 2012 6:27 PM, Scott wa6...@gmail.com wrote:
Am I doing something wrong? Most of my ossec alerts have the server's
hostname instead of the sending system's hostname.
If I call my server ossec and other servers host1, host2, etc., send
syslog UDP messages to abc, then I may get these
On Dec 5, 2012, at 5:56 PM, dan (ddp) wrote:
2012 Dec 05 23:02:08 host1-1.2.3.5 Dec 5 15:02:08 def sbn[92413]: testing
[this one looks right]
2012 Dec 05 23:04:01 ossec-1.2.3.6 sbn: testing [this one does not]
2012 Dec 05 23:05:00 ossec-1.2.3.7 sbn: testing [this one does not]
I have no