0.9-1 on Centos 4.4 32 bit.

From:

what version of ossec-hids are you running?

On 9/4/06, |SaMaN| <[EMAIL PROTECTED]> wrote:

Hello,

I have installed first snort sql table and then base sql then ossec2base.sql and then on base gui, alerts shown as 0.0.0.0 for source and destination IP addresses. Timestamp is 0000000 too.

Here is the alert detail
---------------------------------
** Alert 1157380688.130944: nomail
2006 Sep 04 17:38:08 localhost -> (SERVER1) 10.100.X.X->WinEvtLog
Rule: 18107 (level 3) -> 'Windows Logon Success.'
Src IP: (0.0.0.0 )
User: Xuser
WinEvtLog: Security: AUDIT_SUCCESS(540): Security: Y: X: HIS1: Successful Network Logon: User Name: Y Domain: X Logon ID: (0x0,0x26C63F33) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {a1f68460-18ab-6bcc-73fb-a0b508253e95} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.100.X.X

BASE ALERT VIEW
------------------------
ID #     Time Triggered         Signature
6 - 1    0000-00-00 00:00:00    [local] [snort] 'Windows Logon Success.'

BASE ALERT VIEW
-------------------------
ID          < Signature >                               < Timestamp >          < Source Address >   < Dest. Address >   < Layer 4 Proto >
#0-(6-1)    [local] [snort] 'Windows Logon Success.'    0000-00-00 00:00:00    0.0.0.0              0.0.0.0             IP
