http://www.riunx.com/portal/modules.php?module=tips&mode=article&artid=5
It is the latest snapshot of ossec2mysql and it is running with resolve. My config is below. So where is the problem?
[EMAIL PROTECTED] rules]# cat /etc/ossec2base.conf
# PARAMS USED BY OSSEC2BASED
dbhost=localhost
database=snort
debug=5
dbport=3306
dbpasswd=
dbuser=root
fieldseparator=;
daemonize=1
sensor=ossec
interface=daemon
resolve=1
From: [email protected] [mailto: [email protected]] On Behalf Of Meir Michanie
Sent: Friday, September 15, 2006 2:08 PM
To: [email protected]
Subject: [ossec-list] Re: ossec server reporting itself as 0.0.0.0 and more
Use ossec2mysql with resolve (without -n and check your config).
On 9/15/06, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:
Installed latest snapshot, still 0.0.0.0
** Alert 1158312137.299900: mail
2006 Sep 15 12:22:17 localhost -> (X1)
195.X.X.X->\WINNT/System32/LogFiles/W3SVC2/ex060915.log
Rule: 11 (level 8) -> 'Excessive number of connections during this
hour.
Src IP: (0.0.0.0)
User: (none)
The average number of logs between 12:00 and 13:00 is 8485. We
reached 10184.'No Log Available (HOURLY_STATS)
