hello everyone,

this question is specific to ossecgui.

does anyone know in which situations or in what conditions will/can an ossec server report itself as being 0.0.0.0 or reporting itself as being the agent's ip?

this is happening especially with ssh connections from machine1 to ossec server.



if i logon through ssh from ossecserver to ossecserver it reports as it should:

                                                   src ip     dest ip
'SSHD authentication success.' 2006-09-13 11:50:18 10.0.7.220 10.0.7.220


but if i logon from another machine it doesn't:

                                                  src ip    dest ip
SSHD authentication success.' 2006-09-13 11:47:40 10.0.7.43 10.0.7.43

- the src should be 10.0.7.43 & dest should be 10.0.7.220

background info: this ossecserver is also a central syslog server, listening to network syslogs from other machines and reporting them to ossecgui, using the latest ossecgui snapshot and the latest stable ossec-hids.

for those of you who have been following my questions on this subject, i've pretty much managed to work it out, yey!! :) more on that (including my installation procedure) as soon as i iron out this issue.

now, i don't think i've forgotten to mention anything of importance, what do you think?


./vcorreia

Vitor Correia
Systems Administrator
-- 

Mobbit Systems
